Windows Analysis Report
user.exe

Overview

General Information

Sample name: user.exe
Analysis ID: 1579342
MD5: 9ac651562b490c1651fdd79149040bf8
SHA1: fc17e22b0f17755ee5a665c0dc4d128e4eb6d8c2
SHA256: c414aac5e5b64da60d998f5d82d3233204ddbe02981b8734fca6dd0b56f691cf
Tags: exe, user-aachum

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Uses the Telegram API (likely for C&C communication)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • user.exe (PID: 2448 cmdline: "C:\Users\user\Desktop\user.exe" MD5: 9AC651562B490C1651FDD79149040BF8)
    • user.exe (PID: 420 cmdline: "C:\Users\user\Desktop\user.exe" MD5: 9AC651562B490C1651FDD79149040BF8)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: user.exe, Virustotal: Detection: 12%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.3% probability
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA361B070 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA361B070
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3605070 BN_num_bits,BN_bn2bin,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA3605070
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35CF070 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,ERR_new,ERR_set_debug,memcpy,2_2_00007FFDA35CF070
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35E9120 CRYPTO_malloc,ERR_new,ERR_set_debug,2_2_00007FFDA35E9120
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A11A9 EVP_MAC_CTX_free,CRYPTO_free,2_2_00007FFDA35A11A9
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA36017A1 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,2_2_00007FFDA36017A1
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35F77A0 CRYPTO_malloc,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35F77A0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A11BD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35A11BD
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B7840 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDA35B7840
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,2_2_00007FFDA35A1087
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA36157FE CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA36157FE
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35E56D0 CRYPTO_free,2_2_00007FFDA35E56D0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A12CB CRYPTO_THREAD_run_once,2_2_00007FFDA35A12CB
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA360B660 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDA360B660
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35F1750 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDA35F1750
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35A1023
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A2469 CRYPTO_memcmp,ERR_new,ERR_set_debug,memchr,ERR_new,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA35A2469
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A21E9 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FFDA35A21E9
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A20F4 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35A20F4
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35F7570 CRYPTO_realloc,2_2_00007FFDA35F7570
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3613650 CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_fetch,EVP_CIPHER_get_iv_length,RAND_bytes_ex,EVP_CIPHER_free,EVP_EncryptUpdate,EVP_EncryptFinal,ERR_new,ERR_new,CRYPTO_free,EVP_CIPHER_CTX_free,ERR_new,ERR_new,ERR_set_debug,EVP_CIPHER_CTX_get_iv_length,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_CIPHER_CTX_free,2_2_00007FFDA3613650
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35AF650 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,2_2_00007FFDA35AF650
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B1620 CRYPTO_free,CRYPTO_strndup,2_2_00007FFDA35B1620
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A110E EVP_PKEY_free,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,ERR_new,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,2_2_00007FFDA35A110E
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1181 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35A1181
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A2379 CRYPTO_free,2_2_00007FFDA35A2379
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1EDD CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDA35A1EDD
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1393 OSSL_PROVIDER_do_all,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,2_2_00007FFDA35A1393
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3613480 CRYPTO_free,CRYPTO_strndup,2_2_00007FFDA3613480
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A2126 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,CRYPTO_THREAD_unlock,memcmp,ERR_new,ERR_set_debug,_time64,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA35A2126
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDA35A193D
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35CD510 CRYPTO_free_ex_data,OPENSSL_cleanse,OPENSSL_cleanse,X509_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_clear_free,2_2_00007FFDA35CD510
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35F14E0 CRYPTO_memcmp,2_2_00007FFDA35F14E0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,2_2_00007FFDA35A1992
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3601B9F CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDA3601B9F
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35CDBA0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFDA35CDBA0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B5BB0 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FFDA35B5BB0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35C5B90 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDA35C5B90
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA361BB70 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,2_2_00007FFDA361BB70
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A19E7 CRYPTO_free,2_2_00007FFDA35A19E7
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1483 CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA35A1483
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFDA35A1582
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A155A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFDA35A155A
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B7A60 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,2_2_00007FFDA35B7A60
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3603A60 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,EVP_PKEY_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FFDA3603A60
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35E9A60 ERR_new,ERR_set_debug,EVP_MD_CTX_get0_md,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_set_mark,ERR_pop_to_mark,ERR_new,ERR_set_debug,ERR_clear_last_mark,EVP_MD_CTX_get0_md,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDA35E9A60
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35EFB00 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,2_2_00007FFDA35EFB00
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35CFAF0 CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,2_2_00007FFDA35CFAF0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A11DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,2_2_00007FFDA35A11DB
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A105F ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_clear_free,2_2_00007FFDA35A105F
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35ED980 RAND_bytes_ex,CRYPTO_malloc,memset,2_2_00007FFDA35ED980
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35F1970 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,2_2_00007FFDA35F1970
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA360BA20 CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDA360BA20
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35E3A00 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35E3A00
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1A15 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFDA35A1A15
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1A41 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_set_debug,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA35A1A41
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A13DE EVP_MD_CTX_new,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_security_bits,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,EVP_PKEY_get_bn_param,EVP_PKEY_get_bn_param,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,BN_num_bits,BN_num_bits,memset,BN_num_bits,BN_bn2bin,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,ERR_set_debug,EVP_DigestSign,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,EVP_MD_CTX_free,BN_free,BN_free,BN_free,BN_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA35A13DE
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35D38C0 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35D38C0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A589C BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,2_2_00007FFDA35A589C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B9870 CRYPTO_free,CRYPTO_strdup,2_2_00007FFDA35B9870
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1E6A ERR_new,ERR_set_debug,CRYPTO_clear_free,2_2_00007FFDA35A1E6A
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA361B900 BN_bin2bn,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA361B900
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35AF910 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,2_2_00007FFDA35AF910
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1654 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,ERR_new,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,2_2_00007FFDA35A1654
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35ADFB5 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA35ADFB5
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,2_2_00007FFDA35A1B18
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A23EC CRYPTO_free,CRYPTO_memdup,2_2_00007FFDA35A23EC
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A202C CRYPTO_free,2_2_00007FFDA35A202C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35C6030 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDA35C6030
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1019 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,2_2_00007FFDA35A1019
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A107D CRYPTO_free,2_2_00007FFDA35A107D
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A3EB0 CRYPTO_free,2_2_00007FFDA35A3EB0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A25DB CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,2_2_00007FFDA35A25DB
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,2_2_00007FFDA35A150F
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A2720 CRYPTO_free,CRYPTO_strdup,2_2_00007FFDA35A2720
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA360DF40 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,2_2_00007FFDA360DF40
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B5F20 CRYPTO_THREAD_run_once,2_2_00007FFDA35B5F20
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,2_2_00007FFDA35A1C53
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35BBF30 CRYPTO_memcmp,2_2_00007FFDA35BBF30
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3603F30 ERR_new,ERR_set_debug,X509_get0_pubkey,EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,CRYPTO_malloc,EVP_PKEY_encrypt_init,RAND_bytes_ex,EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,EVP_MD_CTX_free,2_2_00007FFDA3603F30
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A2680 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,2_2_00007FFDA35A2680
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A5EE0 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,2_2_00007FFDA35A5EE0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1D89 CRYPTO_free,CRYPTO_memdup,2_2_00007FFDA35A1D89
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA360BE20 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,2_2_00007FFDA360BE20
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A2310 ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_new,EVP_MD_fetch,ERR_new,ERR_new,ERR_set_debug,EVP_MD_free,EVP_MD_get_size,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,EVP_MD_free,CRYPTO_free,2_2_00007FFDA35A2310
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35C5E10 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,2_2_00007FFDA35C5E10
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A108C ERR_new,ERR_set_debug,CRYPTO_free,2_2_00007FFDA35A108C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B3CC0 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDA35B3CC0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A23F1 CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,2_2_00007FFDA35A23F1
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35B5CB0 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,2_2_00007FFDA35B5CB0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A5C9B CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,2_2_00007FFDA35A5C9B
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35C5D20 CRYPTO_free,CRYPTO_free,2_2_00007FFDA35C5D20
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A1CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,2_2_00007FFDA35A1CEE
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3603D20 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,EVP_PKEY_free,2_2_00007FFDA3603D20
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A2595 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,2_2_00007FFDA35A2595
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA36753DC ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,Py_BuildValue,ASN1_STRING_to_UTF8,_Py_Dealloc,Py_BuildValue,CRYPTO_free,2_2_00007FFDA36753DC
Source: user.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: user.exe, 00000000.00000003.2146517231.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3411011151.00007FFD93D57000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: user.exe, 00000002.00000002.3411559326.00007FFD941AA000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\_win32sysloader.pdb source: user.exe, 00000000.00000003.2148730570.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: user.exe, 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: user.exe, 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: user.exe, 00000000.00000003.2133809062.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413952189.00007FFDA4634000.00000002.00000001.01000000.00000015.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb}},GCTL source: user.exe, 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp, pythoncom313.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32trace.pdb source: user.exe, 00000000.00000003.2149332664.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\user\tb_digest.cuser_get_digestcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: _rust.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: user.exe, 00000000.00000003.2132050963.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414197760.00007FFDA5474000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: user.exe, 00000002.00000002.3411559326.00007FFD94112000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: user.exe, 00000000.00000003.2132050963.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414197760.00007FFDA5474000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb!! source: user.exe, 00000002.00000002.3412855086.00007FFD9F3D3000.00000002.00000001.01000000.00000019.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: user.exe, 00000002.00000002.3411559326.00007FFD941AA000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb source: user.exe, 00000002.00000002.3412855086.00007FFD9F3D3000.00000002.00000001.01000000.00000019.sdmp, win32api.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: _rust.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: user.exe, 00000000.00000003.2132198027.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413689442.00007FFDA3FD5000.00000002.00000001.01000000.00000016.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: user.exe, 00000000.00000003.2145799140.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414439896.00007FFDA54B3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: user.exe, 00000002.00000002.3413597400.00007FFDA36E3000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: user.exe, 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: user.exe, 00000000.00000003.2132971103.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414328389.00007FFDA5496000.00000002.00000001.01000000.00000010.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: user.exe, 00000000.00000003.2133086787.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413478524.00007FFDA36BB000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: user.exe, 00000000.00000003.2133211391.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414106726.00007FFDA4DA3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb source: user.exe, 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp, pythoncom313.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: user.exe, 00000000.00000003.2133086787.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413478524.00007FFDA36BB000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: user.exe, 00000000.00000003.2132300774.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413866301.00007FFDA433D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: user.exe, 00000000.00000003.2133809062.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413952189.00007FFDA4634000.00000002.00000001.01000000.00000015.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: user.exe, 00000000.00000003.2133297330.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413777754.00007FFDA4169000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: user.exe, 00000000.00000003.2140585600.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408463161.000001F8471B0000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: user.exe, 00000002.00000002.3412055684.00007FFD94678000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: user.exe, 00000000.00000003.2132198027.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413689442.00007FFDA3FD5000.00000002.00000001.01000000.00000016.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: user.exe, 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: user.exe, 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF715759280 FindFirstFileExW,FindClose,0_2_00007FF715759280
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF715771874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF715771874
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF7157583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7157583C0
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF715759280 FindFirstFileExW,FindClose,2_2_00007FF715759280
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF715771874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF715771874
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FF7157583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7157583C0
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C3540 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,2_2_00007FFD9F3C3540
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C53D0 PyArg_ParseTuple,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,2_2_00007FFD9F3C53D0

Networking

Source: unknown DNS query: name: api.telegram.org
Source: Joe Sandbox View IP Address: 149.154.167.220
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: api.telegram.org
Source: user.exe, 00000000.00000003.2133086787.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2146517231.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2140585600.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2141778075.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132601731.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2145799140.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132811903.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2139844041.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133211391.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2139649931.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2138529718.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133414750.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132971103.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132300774.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133809062.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133297330.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: user.exe, 00000002.00000002.3409186030.000001F847D58000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3409186030.000001F847CB9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
Source: user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/L
Source: user.exe, 00000002.00000002.3409767823.000001F8480A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: user.exe, 00000002.00000002.3409186030.000001F847D58000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: user.exe, 00000002.00000002.3409186030.000001F847BF5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3410010250.000001F848405000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: user.exe, 00000000.00000003.2133086787.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2146517231.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2140585600.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2141778075.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132601731.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2145799140.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2138529718.000001E955DEB000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132811903.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2139844041.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2138529718.000001E955DF1000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133211391.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2139649931.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133414750.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132971103.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2132300774.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133809062.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000000.00000003.2133297330.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: user.exe, 00000002.00000002.3409186030.000001F847C78000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: user.exe, 00000002.00000002.3409186030.000001F847CB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: user.exe, 00000002.00000002.3409186030.000001F847BF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: user.exe, 00000002.00000002.3409026139.000001F847990000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot
Source: user.exe, 00000002.00000002.3410228590.000001F848C44000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000002.3410407213.000001F848D50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://api.telegram.org/bot8198088572:AAHwnTyia_2pAX94h0pkYLAjGks3YjPwP0M/sendMessage
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C4F70 PyArg_ParseTuple,PyEval_SaveThread,GetKeyboardState,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,2_2_00007FFD9F3C4F70
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C5980 PyArg_ParseTuple,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFD9F3C5980
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C58E0 PyArg_ParseTuple,PyEval_SaveThread,ExitWindowsEx,PyEval_RestoreThread,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFD9F3C58E0
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: user.exe, 00000000.00000003.2133086787.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2131357059.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32ui.pyd0 vs user.exe
Source: user.exe, 00000000.00000003.2146517231.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2140585600.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs user.exe
Source: user.exe, 00000000.00000002.3408114084.000001E955DF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32trace.pyd0 vs user.exe
Source: user.exe, 00000000.00000003.2149332664.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32trace.pyd0 vs user.exe
Source: user.exe, 00000000.00000003.2147833873.000001E955DF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs user.exe
Source: user.exe, 00000000.00000003.2132601731.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2145799140.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2132811903.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2139844041.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs user.exe
Source: user.exe, 00000000.00000003.2148730570.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_win32sysloader.pyd0 vs user.exe
Source: user.exe, 00000000.00000003.2133211391.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2133414750.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2132971103.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2132300774.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2133809062.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2144073335.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepythoncom313.dll0 vs user.exe
Source: user.exe, 00000000.00000003.2133297330.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs user.exe
Source: user.exe, 00000000.00000003.2132198027.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs user.exe
Source: user.exe, 00000000.00000003.2149198471.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs user.exe
Source: user.exe, 00000000.00000003.2149332664.000001E955DF1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewin32trace.pyd0 vs user.exe
Source: user.exe, 00000000.00000003.2145628033.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepywintypes313.dll0 vs user.exe
Source: user.exe, 00000000.00000003.2132050963.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs user.exe
Source: user.exe Binary or memory string: OriginalFilename vs user.exe
Source: user.exe, 00000002.00000002.3412791318.00007FFD948B0000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython313.dll. vs user.exe
Source: user.exe, 00000002.00000002.3414475344.00007FFDA54B6000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3413985072.00007FFDA4638000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3412888104.00007FFD9F3E1000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: OriginalFilenamewin32api.pyd0 vs user.exe
Source: user.exe, 00000002.00000002.3413535138.00007FFDA36C3000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3414256126.00007FFDA547A000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs user.exe
Source: user.exe, 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3413724236.00007FFDA3FD9000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs user.exe
Source: user.exe, 00000002.00000002.3411138623.00007FFD93D5C000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3413812063.00007FFDA4173000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3414141756.00007FFDA4DA6000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilenamepywintypes313.dll0 vs user.exe
Source: user.exe, 00000002.00000002.3408463161.000001F8471B0000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs user.exe
Source: user.exe, 00000002.00000002.3413238640.00007FFDA3660000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenamelibsslH vs user.exe
Source: user.exe, 00000002.00000002.3414375655.00007FFDA549D000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3413635140.00007FFDA36EE000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3410958266.00007FFD93C96000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: OriginalFilenamepythoncom313.dll0 vs user.exe
Source: user.exe, 00000002.00000002.3413901141.00007FFDA4342000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs user.exe
Source: user.exe, 00000002.00000002.3411790282.00007FFD94254000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs user.exe
Source: classification engine Classification label: mal60.troj.evad.winEXE@3/41@1/1
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C3930 PyArg_ParseTuple,GetLastError,?PyWin_GetErrorMessageModule@@YAPEAUHINSTANCE__@@K@Z,FormatMessageW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,PyErr_Clear,PyArg_ParseTuple,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z,malloc,PyErr_NoMemory,memset,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,FormatMessageW,PyEval_RestoreThread,PyExc_SystemError,PyErr_SetString,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,free,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,LocalFree,_Py_Dealloc,2_2_00007FFD9F3C3930
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C4C00 _Py_NoneStruct,PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyEval_SaveThread,GetDiskFreeSpaceW,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,Py_BuildValue,2_2_00007FFD9F3C4C00
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD93C01330 PyArg_ParseTuple,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,PyObject_IsInstance,PyErr_Occurred,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_GetAttrString,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,_Py_Dealloc,PyEval_SaveThread,CoCreateInstance,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,2_2_00007FFD93C01330
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3CCBB0 PyArg_ParseTuple,?PyWinObject_AsHANDLE@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,?PyWinObject_AsResourceId@@YAHPEAU_object@@PEAPEA_WH@Z,FindResourceExW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,SizeofResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LoadResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,LockResource,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,PyBytes_FromStringAndSize,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,?PyWinObject_FreeResourceId@@YAXPEA_W@Z,2_2_00007FFD9F3CCBB0
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\Desktop\errors.log
Source: C:\Users\user\Desktop\user.exe File created: C:\Users\user\AppData\Local\Temp\_MEI24482
Source: user.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\user.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\user.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: user.exe Virustotal: Detection: 12%
Source: C:\Users\user\Desktop\user.exe File read: C:\Users\user\Desktop\user.exe
Source: unknown Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exe Process created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: taskschd.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: xmllite.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\user.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\user.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: user.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: user.exe Static file information: File size 15746174 > 1048576
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: user.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: user.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: user.exe, 00000000.00000003.2146517231.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3411011151.00007FFD93D57000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: user.exe, 00000002.00000002.3411559326.00007FFD941AA000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\_win32sysloader.pdb source: user.exe, 00000000.00000003.2148730570.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, _win32sysloader.pyd.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: user.exe, 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32ui.pdbOO source: win32ui.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb** source: user.exe, 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: user.exe, 00000000.00000003.2133809062.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413952189.00007FFDA4634000.00000002.00000001.01000000.00000015.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb}},GCTL source: user.exe, 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp, pythoncom313.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32trace.pdb source: user.exe, 00000000.00000003.2149332664.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, win32trace.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32ui.pdb source: win32ui.pyd.0.dr
Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\user\tb_digest.cuser_get_digestcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: _rust.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: user.exe, 00000000.00000003.2132050963.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414197760.00007FFDA5474000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: user.exe, 00000002.00000002.3411559326.00007FFD94112000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: user.exe, 00000000.00000003.2132050963.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414197760.00007FFDA5474000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb!! source: user.exe, 00000002.00000002.3412855086.00007FFD9F3D3000.00000002.00000001.01000000.00000019.sdmp, win32api.pyd.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: user.exe, 00000002.00000002.3411559326.00007FFD941AA000.00000002.00000001.01000000.0000000E.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\win32api.pdb source: user.exe, 00000002.00000002.3412855086.00007FFD9F3D3000.00000002.00000001.01000000.00000019.sdmp, win32api.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: _rust.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: user.exe, 00000000.00000003.2132198027.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413689442.00007FFDA3FD5000.00000002.00000001.01000000.00000016.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: user.exe, 00000000.00000003.2145799140.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414439896.00007FFDA54B3000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: user.exe, 00000002.00000002.3413597400.00007FFDA36E3000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pywintypes.pdb source: user.exe, 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: user.exe, 00000000.00000003.2132971103.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414328389.00007FFDA5496000.00000002.00000001.01000000.00000010.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: user.exe, 00000000.00000003.2133086787.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413478524.00007FFDA36BB000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: user.exe, 00000000.00000003.2133211391.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3414106726.00007FFDA4DA3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\pywin32\pywin32\build\temp.win-amd64-cpython-313\Release\pythoncom.pdb source: user.exe, 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp, pythoncom313.dll.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: user.exe, 00000000.00000003.2133086787.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413478524.00007FFDA36BB000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: user.exe, 00000000.00000003.2132300774.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413866301.00007FFDA433D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: user.exe, 00000000.00000003.2133809062.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413952189.00007FFDA4634000.00000002.00000001.01000000.00000015.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: user.exe, 00000000.00000003.2133297330.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413777754.00007FFDA4169000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: user.exe, 00000000.00000003.2140585600.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408463161.000001F8471B0000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: user.exe, 00000002.00000002.3412055684.00007FFD94678000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: user.exe, 00000000.00000003.2132198027.000001E955DE3000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3413689442.00007FFDA3FD5000.00000002.00000001.01000000.00000016.sdmp, VCRUNTIME140_1.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: user.exe, 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: user.exe, 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp, _ssl.pyd.0.dr
Source: user.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: user.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: user.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: user.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: user.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD93C07B40 PyArg_ParseTuple,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,LoadLibraryW,GetProcAddress,PyExc_NotImplementedError,PyErr_Format,PyEval_SaveThread,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,2_2_00007FFD93C07B40
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python313.dll.0.drStatic PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35C4331 push rcx; ret 2_2_00007FFDA35C4332

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\user.exeProcess created: "C:\Users\user\Desktop\user.exe"
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\python313.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32\pywintypes313.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_cffi_backend.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32\pythoncom313.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\select.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI24482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF7157576C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF7157576C0
Source: C:\Users\user\Desktop\user.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35E8816 sgdt fword ptr [rax]2_2_00007FFDA35E8816
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\python313.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32\pywintypes313.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_cffi_backend.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32\pythoncom313.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\select.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\user.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17263
Source: C:\Users\user\Desktop\user.exeAPI coverage: 1.2 %
Source: C:\Users\user\Desktop\user.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF715759280 FindFirstFileExW,FindClose,0_2_00007FF715759280
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF715771874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF715771874
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF7157583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF7157583C0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF715759280 FindFirstFileExW,FindClose,2_2_00007FF715759280
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF715771874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF715771874
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF7157583C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF7157583C0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3C3540 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyList_New,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindFirstFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,?PyObject_FromWIN32_FIND_DATAW@@YAPEAU_object@@PEAU_WIN32_FIND_DATAW@@@Z,PyList_Append,_Py_Dealloc,FindNextFileW,GetLastError,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,FindClose,_Py_Dealloc,2_2_00007FFD9F3C3540
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3C53D0 PyArg_ParseTuple,GetLogicalDriveStringsW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,GetLogicalDriveStringsW,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z,2_2_00007FFD9F3C53D0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3C6440 PyArg_ParseTuple,GetSystemInfo,PyLong_FromUnsignedLongLong,?PyWinLong_FromVoidPtr@@YAPEAU_object@@PEBX@Z,?PyWinLong_FromVoidPtr@@YAPEAU_object@@PEBX@Z,Py_BuildValue,2_2_00007FFD9F3C6440
Source: user.exe, 00000000.00000003.2134380190.000001E955DE4000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: user.exe, 00000002.00000003.2158515942.000001F84770C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: user.exe, 00000002.00000002.3410228590.000001F848C44000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ro.kernel.qemu
Source: user.exe, 00000002.00000002.3410228590.000001F848C44000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dro.kernel.qemu
Source: user.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2158515942.000001F84770C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF71576A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF71576A614
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD93C07B40 PyArg_ParseTuple,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z,?PyWinObject_AsIID@@YAHPEAU_object@@PEAU_GUID@@@Z,LoadLibraryW,GetProcAddress,PyExc_NotImplementedError,PyErr_Format,PyEval_SaveThread,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,2_2_00007FFD93C07B40
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF715773480 GetProcessHeap,0_2_00007FF715773480
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF71576A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF71576A614
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF71575C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF71575C8A0
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF71575D30C SetUnhandledExceptionFilter,0_2_00007FF71575D30C
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF71575D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF71575D12C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF71576A614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF71576A614
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF71575C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF71575C8A0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF71575D30C SetUnhandledExceptionFilter,2_2_00007FF71575D30C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FF71575D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF71575D12C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD93C4B3F4 SetUnhandledExceptionFilter,2_2_00007FFD93C4B3F4
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD93C4B20C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD93C4B20C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD93C4A874 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD93C4A874
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD93CB3248 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD93CB3248
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD93CB2C90 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD93CB2C90
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3D1A98 SetUnhandledExceptionFilter,2_2_00007FFD9F3D1A98
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3D0CAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFD9F3D0CAC
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3D18B0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFD9F3D18B0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA354FBFC SetUnhandledExceptionFilter,2_2_00007FFDA354FBFC
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA354FA14 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA354FA14
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA354E8FC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA354E8FC
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35849A8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA35849A8
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35843F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FFDA35843F0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA35A212B IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA35A212B
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA367339C IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FFDA367339C
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3CDC70 PyArg_ParseTuple,PyEval_SaveThread,keybd_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFD9F3CDC70
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFD9F3CDD10 PyArg_ParseTuple,PyEval_SaveThread,mouse_event,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,2_2_00007FFD9F3CDD10
Source: C:\Users\user\Desktop\user.exeProcess created: C:\Users\user\Desktop\user.exe "C:\Users\user\Desktop\user.exe"Jump to behavior
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3547EB0 PyArg_ParseTuple,PyExc_TypeError,PyErr_SetString,GetSecurityDescriptorDacl,free,SetSecurityDescriptorDacl,GetSecurityDescriptorOwner,free,GetSecurityDescriptorGroup,free,free,free,2_2_00007FFDA3547EB0
Source: C:\Users\user\Desktop\user.exeCode function: 2_2_00007FFDA3548D60 PyArg_ParseTuple,PyErr_Clear,PyArg_ParseTuple,PyErr_Clear,PyArg_ParseTuple,PySequence_Check,PyExc_TypeError,PyErr_SetString,PySequence_Size,PySequence_Tuple,PyArg_ParseTuple,_Py_Dealloc,AllocateAndInitializeSid,PyExc_ValueError,PyErr_SetString,_Py_NewReference,malloc,memset,memcpy,2_2_00007FFDA3548D60
Source: C:\Users\user\Desktop\user.exeCode function: 0_2_00007FF715779570 cpuid 0_2_00007FF715779570
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\cryptography-43.0.3.dist-info\license_files VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\Desktop\user.exe VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\_ssl.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exeQueries volume information: C:\Users\user\Desktop\user.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\win32 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\unicodedata.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\certifi VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI24482\win32\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.13\__init__.py VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\AppData\Local\Temp\gen_py\3.13\dicts.dat VolumeInformation
Source: C:\Users\user\Desktop\user.exe Queries volume information: C:\Users\user\Desktop\errors.log VolumeInformation
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF71575D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF71575D010
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C4200 PyArg_ParseTuple,GetUserNameW,?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z,?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z,2_2_00007FFD9F3C4200
Source: C:\Users\user\Desktop\user.exe Code function: 0_2_00007FF715775C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF715775C00
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD9F3C7850 PyArg_ParseTuple,GetVersion,Py_BuildValue,2_2_00007FFD9F3C7850
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD93C03430 PyArg_ParseTuple,?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z,PyObject_IsInstance,PyExc_ValueError,PyErr_Format,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,CreateBindCtx,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,PyEval_SaveThread,MkParseDisplayName,PyEval_RestoreThread,?PyWinObject_FreeWCHAR@@YAXPEA_W@Z,_Py_Dealloc,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,PyObject_IsSubclass,Py_BuildValue,2_2_00007FFD93C03430
Source: C:\Users\user\Desktop\user.exe Code function: 2_2_00007FFD93C04620 PyArg_ParseTuple,PyEval_SaveThread,CreateBindCtx,PyEval_RestoreThread,_Py_NoneStruct,_Py_NoneStruct,?PyWinObject_FromIID@@YAPEAU_object@@AEBU_GUID@@@Z,PyEval_SaveThread,PyEval_RestoreThread,PyDict_GetItem,_Py_Dealloc,PyErr_Clear,PyObject_IsSubclass,PyExc_TypeError,PyErr_SetString,PyEval_SaveThread,PyEval_RestoreThread,2_2_00007FFD93C04620
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 11 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 1 Masquerading | 11 Input Capture | 2 System Time Discovery | Remote Services | 11 Input Capture | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 2 Virtualization/Sandbox Evasion | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Native API | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Account Discovery | Distributed Component Object Model | Input Capture | 2 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 26 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| user.exe | 12% | Virustotal | | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\win32ui.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\VCRUNTIME140_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_cffi_backend.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\_wmi.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer\md.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\charset_normalizer\md__mypyc.cp313-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\libffi-8.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\libssl-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\python313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32\pythoncom313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\pywin32_system32\pywintypes313.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\unicodedata.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\win32\_win32sysloader.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\win32\win32api.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI24482\win32\win32trace.pyd | 0% | ReversingLabs | | |
No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| api.telegram.org | 149.154.167.220 | true | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                          high
                                                                                                          https://google.com/mailuser.exe, 00000002.00000002.3409186030.000001F847BF5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3409186030.000001F847C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://packaging.python.org/specifications/entry-points/user.exe, 00000002.00000002.3409687341.000001F847F90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.accv.es00user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.python.org/psf/license/)user.exe, 00000002.00000002.3412055684.00007FFD94678000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                                  high
                                                                                                                  https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyuser.exe, 00000002.00000002.3408174927.000001F8457B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://github.com/pyca/cryptography/issuesMETADATA.0.dr, _rust.pyd.0.drfalse
                                                                                                                      high
                                                                                                                      https://readthedocs.org/projects/cryptography/badge/?version=latestuser.exe, 00000000.00000003.2134952192.000001E955DE7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                        high
                                                                                                                        https://foss.heptapod.net/pypy/pypy/-/issues/3539user.exe, 00000002.00000002.3409026139.000001F847990000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.user.exe, 00000002.00000002.3408755287.000001F847690000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://google.com/user.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://ocsp.accv.estuser.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                https://mahler:8092/site-updates.pyuser.exe, 00000002.00000002.3409186030.000001F847D58000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2160160747.000001F847D8F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://crl.securetrust.com/SGCA.crluser.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://.../back.jpeguser.exe, 00000002.00000002.3409928858.000001F8482A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://tools.ietf.org/html/rfc7231#section-4.3.6)user.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2158515942.000001F8477A6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://github.com/pyca/cryptographyuser.exe, 00000000.00000003.2134952192.000001E955DE7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                          high
                                                                                                                                          https://cryptography.io/METADATA.0.drfalse
                                                                                                                                            high
                                                                                                                                            https://httpbin.org/postuser.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157425379.000001F847765000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2158515942.000001F847768000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157782225.000001F847769000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157689910.000001F847768000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-erroruser.exe, 00000002.00000002.3410228590.000001F848C44000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourceuser.exe, 00000002.00000002.3408336405.000001F847124000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://github.com/pyca/cryptography/user.exe, 00000000.00000003.2134952192.000001E955DE7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://github.com/Ousret/charset_normalizeruser.exe, 00000002.00000003.2160391877.000001F847CB9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3409186030.000001F847CB9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.firmaprofesional.com/cps0user.exe, 00000002.00000002.3409186030.000001F847C78000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specuser.exe, 00000002.00000002.3408336405.000001F8470A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://github.com/urllib3/urllib3/issues/2920user.exe, 00000002.00000002.3409767823.000001F8480A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://crl.securetrust.com/SGCA.crl0user.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datauser.exe, 00000002.00000002.3408174927.000001F8457B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://yahoo.com/user.exe, 00000002.00000002.3409186030.000001F847BF5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3409186030.000001F847C78000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crl.securetrust.com/STCA.crl0user.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://html.spec.whatwg.org/multipage/user.exe, 00000002.00000002.3409186030.000001F847BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.quovadisglobal.com/cps0user.exe, 00000002.00000002.3409186030.000001F847CB9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crluser.exe, 00000002.00000002.3409186030.000001F847D58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsuser.exe, 00000002.00000002.3409105783.000001F847A90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://cryptography.io/en/latest/changelog/user.exe, 00000000.00000003.2134952192.000001E955DE7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://www.rfc-editor.org/rfc/rfc8259#section-8.1user.exe, 00000002.00000002.3409186030.000001F847BF5000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408755287.000001F8477E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://github.com/pyca/cryptography/issues/9253_rust.pyd.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://mail.python.org/mailman/listinfo/cryptography-devuser.exe, 00000000.00000003.2134952192.000001E955DE7000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://requests.readthedocs.iouser.exe, 00000002.00000002.3409928858.000001F8482A0000.00000004.00001000.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157425379.000001F847765000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2158515942.000001F847768000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157782225.000001F847769000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157689910.000001F847768000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          http://repository.swisssign.com/user.exe, 00000002.00000002.3409186030.000001F847D58000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3409186030.000001F847CB9000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://crl.xrampsecurity.com/XGCA.crluser.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://www.python.orguser.exe, 00000002.00000002.3408755287.000001F8476FF000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157425379.000001F847765000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2158515942.000001F847768000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157782225.000001F847769000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2157689910.000001F847768000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/user.exe, 00000002.00000002.3409186030.000001F847BF5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  http://crl.dhimyotis.com/certignarootca.crlhuser.exe, 00000002.00000002.3410010250.000001F848405000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    http://www.accv.es/legislacion_c.htm0Uuser.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      http://ocsp.accv.es0user.exe, 00000002.00000002.3409186030.000001F847F25000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://www.python.org/user.exe, 00000002.00000002.3409186030.000001F847D58000.00000004.00000020.00020000.00000000.sdmp, user.exe, 00000002.00000003.2160160747.000001F847D8F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://json.orguser.exe, 00000002.00000002.3408589562.000001F847350000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579342
Start date and time: 2024-12-21 19:51:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 55s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: user.exe
Detection: MAL
                                                                                                                                                                                                            Classification:mal60.troj.evad.winEXE@3/41@1/1
                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                            HCA Information:Failed
                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.12.23.50
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
Time | Type | Description
19:52:07 | Task Scheduler | Run new task: WindowsUpdateService path: C:\Users\user\user.exe
Match | Associated Sample Name / URL | Detection | Threat Name
149.154.167.220 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig
149.154.167.220 | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig
149.154.167.220 | 8v1GZ8v1LF.exe | malicious | Unknown
149.154.167.220 | HX Design.exe | malicious | Python Stealer, Blank Grabber
149.154.167.220 | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, XWorm
149.154.167.220 | 2QaN4hOyJs.exe | malicious | XWorm
149.154.167.220 | Invoice DHL - AWB 2024 E4001 - 0000731.exe | malicious | Snake Keylogger
149.154.167.220 | c9toH15OT0.exe | malicious | Unknown
149.154.167.220 | 9KEZfGRjyK.exe | malicious | Unknown
149.154.167.220 | 9KEZfGRjyK.exe | malicious | Unknown
Match | Associated Sample Name / URL | Detection | Threat Name | Context
api.telegram.org | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 149.154.167.220
api.telegram.org | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 149.154.167.220
api.telegram.org | 8v1GZ8v1LF.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | HX Design.exe | malicious | Python Stealer, Blank Grabber | 149.154.167.220
api.telegram.org | 2QaN4hOyJs.exe | malicious | XWorm | 149.154.167.220
api.telegram.org | Invoice DHL - AWB 2024 E4001 - 0000731.exe | malicious | Snake Keylogger | 149.154.167.220
api.telegram.org | c9toH15OT0.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | 9KEZfGRjyK.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | 9KEZfGRjyK.exe | malicious | Unknown | 149.154.167.220
api.telegram.org | PURCHASE ORDER TRC-090971819130-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 149.154.167.220
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 149.154.167.220
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Stealc, Vidar | 149.154.167.99
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Xmrig | 149.154.167.220
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 149.154.167.99
TELEGRAMRU | 8v1GZ8v1LF.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 149.154.167.99
TELEGRAMRU | HX Design.exe | malicious | Python Stealer, Blank Grabber | 149.154.167.220
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig | 149.154.167.99
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, LummaC Stealer, Vidar, Xmrig | 149.154.167.99
TELEGRAMRU | file.exe | malicious | LummaC, Amadey, AsyncRAT, LummaC Stealer, XWorm | 149.154.167.220
                                                                                                                                                                                                                                No context
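Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | DeltaX.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | zapret.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | winws1.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | zapret.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | zapret.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | discord.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | main.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | zapret.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | Payload.exe | malicious | Python Stealer, BLX Stealer, XLABB Grabber
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\mfc140u.dll | Payload.exe | malicious | Python Stealer, BLX Stealer, XLABB Grabber
C:\Users\user\AppData\Local\Temp\_MEI24482\Pythonwin\win32ui.pyd | List Furniture.bat | malicious | Python Stealer, Braodo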
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5653536
                                                                                                                                                                                                                                                      Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                                      MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                                      SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                                      SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                                      SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Joe Sandbox View:
                                                                                                                                                                                                                                                      • Filename: DeltaX.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: zapret.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: winws1.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: zapret.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: zapret.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: discord.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: main.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: zapret.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: Payload.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      • Filename: Payload.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1044992
                                                                                                                                                                                                                                                      Entropy (8bit):6.005174713821525
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:cVDH7h88c4vGmhhbrGRUDG+AYZ2OWTw/3EnrE:sDHdRcgFv8qWTwco
                                                                                                                                                                                                                                                      MD5:9AF5F53A9201B7E62AC91EDC8AB89C6A
                                                                                                                                                                                                                                                      SHA1:4DDFE7AF2248A76B5DB90AF0EAF4C80E2B4CD6DB
                                                                                                                                                                                                                                                      SHA-256:F84528FC136D8ABAE77543B8E9E8C9489C4495C491807907E675C15F028816F6
                                                                                                                                                                                                                                                      SHA-512:0581BA9951452BD7B2A193B8D73573B49CB8115468B6AF8B988628670A768A6882AC4C2C9FAA559F731ADD4378DCF606C3FFEEF96AD8A479B272E6C429DC1293
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Joe Sandbox View:
• Filename: List Furniture.bat, Detection: malicious
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):120400
                                                                                                                                                                                                                                                      Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                                                      MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                                                      SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):179200
                                                                                                                                                                                                                                                      Entropy (8bit):6.189919896183334
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
                                                                                                                                                                                                                                                      MD5:5CBA92E7C00D09A55F5CBADC8D16CD26
                                                                                                                                                                                                                                                      SHA1:0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
                                                                                                                                                                                                                                                      SHA-256:0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
                                                                                                                                                                                                                                                      SHA-512:7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5440
                                                                                                                                                                                                                                                      Entropy (8bit):5.074230645519915
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15485
                                                                                                                                                                                                                                                      Entropy (8bit):5.562603127346912
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-313.pyc,,..cryptography/__pycache__/__init__.cpython-313.pyc,,..cryptography/__pycache__/exceptions.cpython-313.pyc,,..cryptography/__p
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):94
                                                                                                                                                                                                                                                      Entropy (8bit):5.016084900984752
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                                                                                                      Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11360
                                                                                                                                                                                                                                                      Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1532
                                                                                                                                                                                                                                                      Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):7834624
                                                                                                                                                                                                                                                      Entropy (8bit):6.517862303223651
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                                                                                                                                                                                                      MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                                                                                                                                                                                                      SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                                                                                                                                                                                                      SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                                                                                                                                                                                                      SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):678400
                                                                                                                                                                                                                                                      Entropy (8bit):6.050905552138285
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:r0G3L613PCcuXLq0Qroh0abOY6RWd0GrNmFKlOKdSAjUpdc6YcAQE7KytwhrPYL+:AGm16c0QroXbWnGVlOKQpdAUmN+
                                                                                                                                                                                                                                                      MD5:070B0C071A05B06223B927F1711E0B9C
                                                                                                                                                                                                                                                      SHA1:C482B1E1C1CDA3E0AEB84A0C3EF315C355BA003B
                                                                                                                                                                                                                                                      SHA-256:9D1097ABAD812B53A68C2BFCF9EFEF7559E39873950A000FAC9A7C7C5B199292
                                                                                                                                                                                                                                                      SHA-512:D05389A078C66426EA9CA3A8DF1721ABE246F59A3684DCFA9C5B031A93D96506A0D3BB8795330CFC0E81B23BBF7D91BBDE51EFFD152A234BA5ED63673F41086B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):135680
                                                                                                                                                                                                                                                      Entropy (8bit):6.0205382324631955
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:q9GPDeI1KuOQEbULZYY/r06YrqHXmZEdb/XAnLT:GgDJ1vOlbfY/rke3mZE9/XA
                                                                                                                                                                                                                                                      MD5:2A87D04E9E7CBFF67E8EA4F6315C0EBB
                                                                                                                                                                                                                                                      SHA1:CF5B2BB53B37087ECA18E509B8551ED5CB7575D9
                                                                                                                                                                                                                                                      SHA-256:D011068781CFBA0955258505DBE7E5C7D3D0B955E7F7640D2F1019D425278087
                                                                                                                                                                                                                                                      SHA-512:2138E051AC116D3ABE11101C75F8BD8388D7FBA89B15E6F82DC35FD78BDD913ED8BA468769F68440CE7834825806281AA15F0023855E3B8248266414D60A4A44
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                      Entropy (8bit):5.116146861242879
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:ketklgde+ljBEs0I62SbPbVlQmUAaPHTPMRX7aMHvcqvn7yab6x/:/d1tT0h2SbAmFaPHTmphvH6x/
                                                                                                                                                                                                                                                      MD5:5521E251A515964D04BC90CE8A2AA24C
                                                                                                                                                                                                                                                      SHA1:F7B4AB985DC9A1C7EF2F716999D276D126515BEC
                                                                                                                                                                                                                                                      SHA-256:F382CFFA30F533484FA6314E90A1408F0826867D70B3320220FD86AAFAC37526
                                                                                                                                                                                                                                                      SHA-512:FFEB0185B6D74881B3DCA25BA1B11C33CBCF3B466F3F1B888D662611925399BA2C7D8F133673474F691C068E67811A3FAD0FC057036A5B156B735019FAA882B9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):133632
                                                                                                                                                                                                                                                      Entropy (8bit):5.868928551727267
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:mQKZG4IWJW8E60/c0nlRVFhLaNzvX2/qQvmYbtrprA3e:ZKZG7WgdnlRVgvm/qQDtrprA
                                                                                                                                                                                                                                                      MD5:C5067F04B506B09E48D4D07470E5A182
                                                                                                                                                                                                                                                      SHA1:20435C1A092141CE67E943C95E5CF522762ACD91
                                                                                                                                                                                                                                                      SHA-256:E19294BC2C145A9D87D4A2D8412830C8FF4C8C1B9AD005BD68ABD4B566AF1887
                                                                                                                                                                                                                                                      SHA-512:56F08A5EB927921DED50E92EA972253E68C1216DAA48871B3AA9ED62DB5712E665DFDA406C73E9F33736B61ED1F0CD016E6B4FFEE0237781FB98EEB63672F81E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24064
                                                                                                                                                                                                                                                      Entropy (8bit):5.260538552870905
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:k1CAOcv3ugutnS5nW8sHt+9Nie20T8DmDxPBQ/vMj75yn9OJg1Bl:kh/pWKJPy/0PUOJuB
                                                                                                                                                                                                                                                      MD5:75C14B382EEF49322BB28F79DD2A7A54
                                                                                                                                                                                                                                                      SHA1:13CCCA1F8B19D68331E7FE981113B042FAC34408
                                                                                                                                                                                                                                                      SHA-256:5049C9956310FFC80C1C21C2D8A6562BA810E4592DB7DAD92462D238D82F65C0
                                                                                                                                                                                                                                                      SHA-512:3182316DEF1F09FF45C87BF6A099EF4C4D0AFA0CFF073C54AB59159E79E096ADCA0C4912B1851DE42E5EE0FC5B6C4163FCCB833A4CCE8F2AA42079D0C11D0D7A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
Process: C:\Users\user\Desktop\user.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 176
Entropy (8bit): 4.713840781302666
Encrypted: false
SSDEEP: 3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
MD5: 8C7CA775CF482C6027B4A2D3DB0F6A31
SHA1: E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
SHA-256: 52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
SHA-512: 19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
Malicious: false
Preview: # Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..

Process: C:\Users\user\Desktop\user.exe
File Type: data
Category: dropped
Size (bytes): 10
Entropy (8bit): 2.7219280948873625
Encrypted: false
SSDEEP: 3:qW6:qW6
MD5: 2C7344F3031A5107275CE84AED227411
SHA1: 68ACAD72A154CBE8B2D597655FF84FD31D57C43B
SHA-256: 83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
SHA-512: F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
Malicious: false
Preview: ..K....}..

Process: C:\Users\user\Desktop\user.exe
File Type: ASCII text, with very long lines (387), with CRLF line terminators
Category: dropped
Size (bytes): 389
Entropy (8bit): 5.486745695480586
Encrypted: false
SSDEEP: 12:lpIMN0CNrrhv0m/VQHj9LgYMd7mtY9tPc+Kxm:lpIQXhb2dG7/kU
MD5: A1D1AF0C58C3461E95AF95DA57B225E4
SHA1: 8BF29D2BEC505127595A9EB924316A6539EF441A
SHA-256: 2BBBBCACBEA590690CF54BD30787EE4182D3182A34A7518946BB52AA72E92571
SHA-512: 383405F46BCBEEA4BF138FE6F09F38C69E864EE69834C8E82CC16157CD7F17F82F153055C7EFD44D1F6C02F6959171349FA241F495588FB88FB9177DB203BA54
Malicious: false
Preview: 2024-12-21 15:07:06,134 - ERROR - Error sending Telegram message: HTTPSConnectionPool(host='api.telegram.org', port=443): Max retries exceeded with url: /bot8198088572:AAHwnTyia_2pAX94h0pkYLAjGks3YjPwP0M/sendMessage (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1020)')))..

File type: PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit): 7.99424709182811
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: user.exe
File size: 15'746'174 bytes
MD5: 9ac651562b490c1651fdd79149040bf8
SHA1: fc17e22b0f17755ee5a665c0dc4d128e4eb6d8c2
SHA256: c414aac5e5b64da60d998f5d82d3233204ddbe02981b8734fca6dd0b56f691cf
SHA512: 04cbffc4d9291e6eb5a22ec5c9b784075834a8de35db0bac7b7f467d6a4afd509ac2e926c5714bd7431253d8d85ce1da6a3fe40ca3ca684416ac763a64a5bc85
SSDEEP: 393216:dVlj87d5ta63hucsXMCHWUjvcuIF//PYPXCa:dVl8ZXr3hrsXMb8k1//w6a
TLSH: CAF6331756D81F9ED7A381B488A0934EE419BF9F06A3D56BD2A47A023D631C04CBFD72
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..*\.Z*\.Z*\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z*\.Z.\.Zb..[3\.Zb..[+\.ZRich*\.Z........PE..d..
Icon Hash: 0f33a9cdcdc96317
Entrypoint: 0x14000cdb0
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x140000000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x6766C772 [Sat Dec 21 13:49:38 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                                                                      xor al, al
                                                                                                                                                                                                                                                      jmp 00007F4534BBFBE6h
                                                                                                                                                                                                                                                      call 00007F4534BCD12Fh
                                                                                                                                                                                                                                                      test al, al
                                                                                                                                                                                                                                                      jne 00007F4534BBFBDBh
                                                                                                                                                                                                                                                      xor ecx, ecx
                                                                                                                                                                                                                                                      call 00007F4534BC0620h
                                                                                                                                                                                                                                                      jmp 00007F4534BBFBBCh
                                                                                                                                                                                                                                                      mov al, 01h
                                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                                      add esp, 28h
                                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                                      int3
                                                                                                                                                                                                                                                      inc eax
                                                                                                                                                                                                                                                      push ebx
                                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                                      sub esp, 20h
                                                                                                                                                                                                                                                      cmp byte ptr [0003572Ch], 00000000h
                                                                                                                                                                                                                                                      mov ebx, ecx
                                                                                                                                                                                                                                                      jne 00007F4534BBFC39h
                                                                                                                                                                                                                                                      cmp ecx, 01h
                                                                                                                                                                                                                                                      jnbe 00007F4534BBFC3Ch
                                                                                                                                                                                                                                                      call 00007F4534BC016Eh
                                                                                                                                                                                                                                                      test eax, eax
                                                                                                                                                                                                                                                      je 00007F4534BBFBFAh
                                                                                                                                                                                                                                                      test ebx, ebx
                                                                                                                                                                                                                                                      jne 00007F4534BBFBF6h
                                                                                                                                                                                                                                                      dec eax
                                                                                                                                                                                                                                                      lea ecx, dword ptr [00035716h]
                                                                                                                                                                                                                                                      call 00007F4534BCCF22h

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca5c | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x10e34 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2250 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x58000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f00 | 0x2a000 | 2a7ae207b6295492e9da088072661752 | False | 0.5514439174107143 | data | 6.487454925709845 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a50 | 0x12c00 | 1c532532da1a8d04f97d47e2e1d78425 | False | 0.524453125 | data | 5.7526106245790665 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2250 | 0x2400 | f5559f14427a02f0a5dbd0dd026cae54 | False | 0.470703125 | data | 5.291665041994019 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x10e34 | 0x11000 | e963a5ba5d34917c3f18755597b3b01e | False | 0.13597196691176472 | data | 4.022502943941432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x58000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x470e8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m |  |  | 0.12723293505264402
RT_GROUP_ICON | 0x57910 | 0x14 | data |  |  | 1.15
RT_MANIFEST | 0x57924 | 0x50d | XML 1.0 document, ASCII text |  |  | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 21, 2024 19:52:07.336180925 CET | 49709 | 443 | 192.168.2.6 | 149.154.167.220
Dec 21, 2024 19:52:07.336194038 CET | 443 | 49709 | 149.154.167.220 | 192.168.2.6
Dec 21, 2024 19:52:07.336272001 CET | 49709 | 443 | 192.168.2.6 | 149.154.167.220
Dec 21, 2024 19:52:07.337219954 CET | 49709 | 443 | 192.168.2.6 | 149.154.167.220
Dec 21, 2024 19:52:07.337233067 CET | 443 | 49709 | 149.154.167.220 | 192.168.2.6
Dec 21, 2024 19:52:08.733117104 CET | 443 | 49709 | 149.154.167.220 | 192.168.2.6
Dec 21, 2024 19:52:08.734096050 CET | 49709 | 443 | 192.168.2.6 | 149.154.167.220
Dec 21, 2024 19:52:08.734110117 CET | 443 | 49709 | 149.154.167.220 | 192.168.2.6
Dec 21, 2024 19:52:08.735996008 CET | 443 | 49709 | 149.154.167.220 | 192.168.2.6
Dec 21, 2024 19:52:08.736124992 CET | 49709 | 443 | 192.168.2.6 | 149.154.167.220
Dec 21, 2024 19:52:08.737837076 CET | 49709 | 443 | 192.168.2.6 | 149.154.167.220
Dec 21, 2024 19:52:08.738003969 CET | 49709 | 443 | 192.168.2.6 | 149.154.167.220

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 21, 2024 19:52:07.187279940 CET | 54612 | 53 | 192.168.2.6 | 1.1.1.1
Dec 21, 2024 19:52:07.327248096 CET | 53 | 54612 | 1.1.1.1 | 192.168.2.6

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 21, 2024 19:52:07.187279940 CET | 192.168.2.6 | 1.1.1.1 | 0x34a5 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 21, 2024 19:52:07.327248096 CET | 1.1.1.1 | 192.168.2.6 | 0x34a5 | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false

Target ID:0
Start time:13:51:59
Start date:21/12/2024
Path:C:\Users\user\Desktop\user.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\user.exe"
Imagebase:0x7ff715750000
File size:15'746'174 bytes
MD5 hash:9AC651562B490C1651FDD79149040BF8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:2
Start time:13:52:02
Start date:21/12/2024
Path:C:\Users\user\Desktop\user.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\user.exe"
Imagebase:0x7ff715750000
File size:15'746'174 bytes
MD5 hash:9AC651562B490C1651FDD79149040BF8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:9.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:20.1%
Total number of Nodes:2000
Total number of Limit Nodes:26
16702->16705 16703 7ff71576ea08 46 API calls 16703->16705 16704->16698 16705->16703 16705->16704 16986 7ff715760fc8 16706->16986 16710 7ff71576417e 16709->16710 16772 7ff715760b80 16710->16772 16715 7ff7157642c3 16717 7ff7157647c0 45 API calls 16715->16717 16718 7ff715764351 16715->16718 16716 7ff7157647c0 45 API calls 16716->16715 16717->16718 16718->16665 16720 7ff7157644c9 16719->16720 16721 7ff71576450e 16720->16721 16722 7ff7157644e7 16720->16722 16724 7ff7157647c0 45 API calls 16720->16724 16721->16665 16723 7ff71576ea08 46 API calls 16722->16723 16723->16721 16724->16722 16727 7ff715764579 16725->16727 16726 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16728 7ff7157645aa 16726->16728 16727->16726 16727->16728 16728->16665 16731 7ff715761d87 16729->16731 16730 7ff715761db6 16735 7ff715761df3 16730->16735 16918 7ff715760c28 16730->16918 16731->16730 16733 7ff715761e73 16731->16733 16734 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16733->16734 16734->16735 16735->16665 16739 7ff715761977 16736->16739 16737 7ff7157619a6 16738 7ff715760c28 12 API calls 16737->16738 16742 7ff7157619e3 16737->16742 16738->16742 16739->16737 16740 7ff715761a63 16739->16740 16741 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16740->16741 16741->16742 16742->16665 16744 7ff7157646ef 16743->16744 16746 7ff7157646f3 __crtLCMapStringW 16744->16746 16926 7ff715764748 16744->16926 16746->16665 16748 7ff715762197 16747->16748 16749 7ff7157621c6 16748->16749 16751 7ff715762283 16748->16751 16750 7ff715760c28 12 API calls 16749->16750 16753 7ff715762203 16749->16753 16750->16753 16752 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16751->16752 16752->16753 16753->16665 16755 7ff7157647d7 16754->16755 16930 7ff71576d9b8 16755->16930 16762 7ff71576ea39 16760->16762 16770 7ff71576ea47 16760->16770 16761 7ff71576ea67 16763 7ff71576ea78 16761->16763 16764 7ff71576ea9f 16761->16764 16762->16761 16765 7ff7157647c0 45 API calls 16762->16765 16762->16770 16976 7ff7157700a0 
16763->16976 16767 7ff71576eac9 16764->16767 16768 7ff71576eb2a 16764->16768 16764->16770 16765->16761 16767->16770 16979 7ff71576f8a0 16767->16979 16769 7ff71576f8a0 _fread_nolock MultiByteToWideChar 16768->16769 16769->16770 16770->16668 16773 7ff715760ba6 16772->16773 16774 7ff715760bb7 16772->16774 16780 7ff71576e570 16773->16780 16774->16773 16802 7ff71576d5fc 16774->16802 16777 7ff715760bf8 16779 7ff71576a948 __free_lconv_mon 11 API calls 16777->16779 16778 7ff71576a948 __free_lconv_mon 11 API calls 16778->16777 16779->16773 16781 7ff71576e58d 16780->16781 16782 7ff71576e5c0 16780->16782 16783 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16781->16783 16782->16781 16784 7ff71576e5f2 16782->16784 16793 7ff7157642a1 16783->16793 16788 7ff71576e705 16784->16788 16797 7ff71576e63a 16784->16797 16785 7ff71576e7f7 16842 7ff71576da5c 16785->16842 16787 7ff71576e7bd 16835 7ff71576ddf4 16787->16835 16788->16785 16788->16787 16790 7ff71576e78c 16788->16790 16792 7ff71576e74f 16788->16792 16795 7ff71576e745 16788->16795 16828 7ff71576e0d4 16790->16828 16818 7ff71576e304 16792->16818 16793->16715 16793->16716 16795->16787 16796 7ff71576e74a 16795->16796 16796->16790 16796->16792 16797->16793 16809 7ff71576a4a4 16797->16809 16800 7ff71576a900 _isindst 17 API calls 16801 7ff71576e854 16800->16801 16803 7ff71576d647 16802->16803 16807 7ff71576d60b memcpy_s 16802->16807 16804 7ff715764f08 memcpy_s 11 API calls 16803->16804 16806 7ff715760be4 16804->16806 16805 7ff71576d62e HeapAlloc 16805->16806 16805->16807 16806->16777 16806->16778 16807->16803 16807->16805 16808 7ff715773590 memcpy_s 2 API calls 16807->16808 16808->16807 16810 7ff71576a4bb 16809->16810 16811 7ff71576a4b1 16809->16811 16812 7ff715764f08 memcpy_s 11 API calls 16810->16812 16811->16810 16813 7ff71576a4d6 16811->16813 16817 7ff71576a4c2 16812->16817 16815 7ff71576a4ce 16813->16815 16816 7ff715764f08 memcpy_s 11 API calls 16813->16816 16815->16793 16815->16800 16816->16817 16851 7ff71576a8e0 16817->16851 
16854 7ff7157740ac 16818->16854 16822 7ff71576e3ac 16823 7ff71576e401 16822->16823 16825 7ff71576e3cc 16822->16825 16827 7ff71576e3b0 16822->16827 16907 7ff71576def0 16823->16907 16903 7ff71576e1ac 16825->16903 16827->16793 16829 7ff7157740ac 38 API calls 16828->16829 16830 7ff71576e11e 16829->16830 16831 7ff715773af4 37 API calls 16830->16831 16832 7ff71576e16e 16831->16832 16833 7ff71576e172 16832->16833 16834 7ff71576e1ac 45 API calls 16832->16834 16833->16793 16834->16833 16836 7ff7157740ac 38 API calls 16835->16836 16837 7ff71576de3f 16836->16837 16838 7ff715773af4 37 API calls 16837->16838 16839 7ff71576de97 16838->16839 16840 7ff71576de9b 16839->16840 16841 7ff71576def0 45 API calls 16839->16841 16840->16793 16841->16840 16843 7ff71576dad4 16842->16843 16844 7ff71576daa1 16842->16844 16846 7ff71576daec 16843->16846 16849 7ff71576db6d 16843->16849 16845 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16844->16845 16848 7ff71576dacd memcpy_s 16845->16848 16847 7ff71576ddf4 46 API calls 16846->16847 16847->16848 16848->16793 16849->16848 16850 7ff7157647c0 45 API calls 16849->16850 16850->16848 16852 7ff71576a778 _invalid_parameter_noinfo 37 API calls 16851->16852 16853 7ff71576a8f9 16852->16853 16853->16815 16855 7ff7157740ff fegetenv 16854->16855 16856 7ff715777e2c 37 API calls 16855->16856 16859 7ff715774152 16856->16859 16857 7ff71577417f 16862 7ff71576a4a4 __std_exception_copy 37 API calls 16857->16862 16858 7ff715774242 16860 7ff715777e2c 37 API calls 16858->16860 16859->16858 16863 7ff71577421c 16859->16863 16864 7ff71577416d 16859->16864 16861 7ff71577426c 16860->16861 16865 7ff715777e2c 37 API calls 16861->16865 16866 7ff7157741fd 16862->16866 16867 7ff71576a4a4 __std_exception_copy 37 API calls 16863->16867 16864->16857 16864->16858 16868 7ff71577427d 16865->16868 16869 7ff715775324 16866->16869 16873 7ff715774205 16866->16873 16867->16866 16871 7ff715778020 20 API calls 16868->16871 16870 7ff71576a900 _isindst 17 API calls 16869->16870 16872 
7ff715775339 16870->16872 16881 7ff7157742e6 memcpy_s 16871->16881 16874 7ff71575c550 _log10_special 8 API calls 16873->16874 16875 7ff71576e351 16874->16875 16899 7ff715773af4 16875->16899 16876 7ff71577468f memcpy_s 16877 7ff7157749cf 16878 7ff715773c10 37 API calls 16877->16878 16885 7ff7157750e7 16878->16885 16879 7ff71577497b 16879->16877 16882 7ff71577533c memcpy_s 37 API calls 16879->16882 16880 7ff715774327 memcpy_s 16893 7ff715774c6b memcpy_s 16880->16893 16894 7ff715774783 memcpy_s 16880->16894 16881->16876 16881->16880 16883 7ff715764f08 memcpy_s 11 API calls 16881->16883 16882->16877 16884 7ff715774760 16883->16884 16886 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 16884->16886 16887 7ff71577533c memcpy_s 37 API calls 16885->16887 16898 7ff715775142 16885->16898 16886->16880 16887->16898 16888 7ff7157752c8 16889 7ff715777e2c 37 API calls 16888->16889 16889->16873 16890 7ff715764f08 11 API calls memcpy_s 16890->16893 16891 7ff715764f08 11 API calls memcpy_s 16891->16894 16892 7ff71576a8e0 37 API calls _invalid_parameter_noinfo 16892->16893 16893->16877 16893->16879 16893->16890 16893->16892 16894->16879 16894->16891 16896 7ff71576a8e0 37 API calls _invalid_parameter_noinfo 16894->16896 16895 7ff715773c10 37 API calls 16895->16898 16896->16894 16897 7ff71577533c memcpy_s 37 API calls 16897->16898 16898->16888 16898->16895 16898->16897 16900 7ff715773b13 16899->16900 16901 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16900->16901 16902 7ff715773b3e memcpy_s 16900->16902 16901->16902 16902->16822 16904 7ff71576e1d8 memcpy_s 16903->16904 16905 7ff7157647c0 45 API calls 16904->16905 16906 7ff71576e292 memcpy_s 16904->16906 16905->16906 16906->16827 16908 7ff71576df2b 16907->16908 16912 7ff71576df78 memcpy_s 16907->16912 16909 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16908->16909 16910 7ff71576df57 16909->16910 16910->16827 16911 7ff71576dfe3 16913 7ff71576a4a4 __std_exception_copy 37 API calls 16911->16913 16912->16911 16914 
7ff7157647c0 45 API calls 16912->16914 16917 7ff71576e025 memcpy_s 16913->16917 16914->16911 16915 7ff71576a900 _isindst 17 API calls 16916 7ff71576e0d0 16915->16916 16917->16915 16919 7ff715760c5f 16918->16919 16925 7ff715760c4e 16918->16925 16920 7ff71576d5fc _fread_nolock 12 API calls 16919->16920 16919->16925 16921 7ff715760c90 16920->16921 16922 7ff715760ca4 16921->16922 16923 7ff71576a948 __free_lconv_mon 11 API calls 16921->16923 16924 7ff71576a948 __free_lconv_mon 11 API calls 16922->16924 16923->16922 16924->16925 16925->16735 16927 7ff715764766 16926->16927 16928 7ff71576476e 16926->16928 16929 7ff7157647c0 45 API calls 16927->16929 16928->16746 16929->16928 16931 7ff7157647ff 16930->16931 16932 7ff71576d9d1 16930->16932 16934 7ff71576da24 16931->16934 16932->16931 16938 7ff715773304 16932->16938 16935 7ff71576da3d 16934->16935 16936 7ff71576480f 16934->16936 16935->16936 16973 7ff715772650 16935->16973 16936->16668 16950 7ff71576b150 GetLastError 16938->16950 16941 7ff71577335e 16941->16931 16951 7ff71576b174 FlsGetValue 16950->16951 16952 7ff71576b191 FlsSetValue 16950->16952 16953 7ff71576b18b 16951->16953 16969 7ff71576b181 16951->16969 16954 7ff71576b1a3 16952->16954 16952->16969 16953->16952 16956 7ff71576eb98 memcpy_s 11 API calls 16954->16956 16955 7ff71576b1fd SetLastError 16957 7ff71576b21d 16955->16957 16958 7ff71576b20a 16955->16958 16959 7ff71576b1b2 16956->16959 16962 7ff71576a504 __FrameHandler3::FrameUnwindToEmptyState 38 API calls 16957->16962 16958->16941 16972 7ff7157702d8 EnterCriticalSection 16958->16972 16960 7ff71576b1d0 FlsSetValue 16959->16960 16961 7ff71576b1c0 FlsSetValue 16959->16961 16964 7ff71576b1ee 16960->16964 16965 7ff71576b1dc FlsSetValue 16960->16965 16963 7ff71576b1c9 16961->16963 16966 7ff71576b222 16962->16966 16967 7ff71576a948 __free_lconv_mon 11 API calls 16963->16967 16968 7ff71576aef4 memcpy_s 11 API calls 16964->16968 16965->16963 16967->16969 16970 7ff71576b1f6 16968->16970 16969->16955 16971 7ff71576a948 
__free_lconv_mon 11 API calls 16970->16971 16971->16955 16974 7ff71576b150 __FrameHandler3::FrameUnwindToEmptyState 45 API calls 16973->16974 16975 7ff715772659 16974->16975 16982 7ff715776d88 16976->16982 16981 7ff71576f8a9 MultiByteToWideChar 16979->16981 16985 7ff715776dec 16982->16985 16983 7ff71575c550 _log10_special 8 API calls 16984 7ff7157700bd 16983->16984 16984->16770 16985->16983 16987 7ff715760ffd 16986->16987 16988 7ff71576100f 16986->16988 16989 7ff715764f08 memcpy_s 11 API calls 16987->16989 16990 7ff71576101d 16988->16990 16995 7ff715761059 16988->16995 16991 7ff715761002 16989->16991 16992 7ff71576a814 _invalid_parameter_noinfo 37 API calls 16990->16992 16993 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 16991->16993 17001 7ff71576100d 16992->17001 16993->17001 16994 7ff7157613d5 16996 7ff715764f08 memcpy_s 11 API calls 16994->16996 16994->17001 16995->16994 16997 7ff715764f08 memcpy_s 11 API calls 16995->16997 16998 7ff715761669 16996->16998 16999 7ff7157613ca 16997->16999 17002 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 16998->17002 17000 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 16999->17000 17000->16994 17001->16632 17002->17001 17004 7ff715760704 17003->17004 17031 7ff715760464 17004->17031 17006 7ff71576071d 17006->16167 17043 7ff7157603bc 17007->17043 17011 7ff71575c850 17010->17011 17012 7ff715752930 GetCurrentProcessId 17011->17012 17013 7ff715751c80 49 API calls 17012->17013 17014 7ff715752979 17013->17014 17057 7ff715764984 17014->17057 17019 7ff715751c80 49 API calls 17020 7ff7157529ff 17019->17020 17087 7ff715752620 17020->17087 17023 7ff71575c550 _log10_special 8 API calls 17024 7ff715752a31 17023->17024 17024->16207 17026 7ff715751b89 17025->17026 17027 7ff715760119 17025->17027 17026->16206 17026->16207 17028 7ff715764f08 memcpy_s 11 API calls 17027->17028 17029 7ff71576011e 17028->17029 17030 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17029->17030 17030->17026 17032 7ff7157604ce 17031->17032 17033 
7ff71576048e 17031->17033 17032->17033 17035 7ff7157604da 17032->17035 17034 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17033->17034 17036 7ff7157604b5 17034->17036 17042 7ff71576546c EnterCriticalSection 17035->17042 17036->17006 17044 7ff7157603e6 17043->17044 17055 7ff715751a20 17043->17055 17045 7ff7157603f5 memcpy_s 17044->17045 17046 7ff715760432 17044->17046 17044->17055 17048 7ff715764f08 memcpy_s 11 API calls 17045->17048 17056 7ff71576546c EnterCriticalSection 17046->17056 17050 7ff71576040a 17048->17050 17052 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17050->17052 17052->17055 17055->16176 17055->16177 17059 7ff7157649de 17057->17059 17058 7ff715764a03 17060 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17058->17060 17059->17058 17061 7ff715764a3f 17059->17061 17063 7ff715764a2d 17060->17063 17096 7ff715762c10 17061->17096 17064 7ff71575c550 _log10_special 8 API calls 17063->17064 17066 7ff7157529c3 17064->17066 17065 7ff71576a948 __free_lconv_mon 11 API calls 17065->17063 17075 7ff715765160 17066->17075 17068 7ff715764b40 17069 7ff715764b4a 17068->17069 17072 7ff715764b1c 17068->17072 17073 7ff71576a948 __free_lconv_mon 11 API calls 17069->17073 17070 7ff71576a948 __free_lconv_mon 11 API calls 17070->17063 17071 7ff715764ae8 17071->17072 17074 7ff715764af1 17071->17074 17072->17065 17073->17063 17074->17070 17076 7ff71576b2c8 memcpy_s 11 API calls 17075->17076 17077 7ff715765177 17076->17077 17078 7ff7157529e5 17077->17078 17079 7ff71576eb98 memcpy_s 11 API calls 17077->17079 17081 7ff7157651b7 17077->17081 17078->17019 17080 7ff7157651ac 17079->17080 17082 7ff71576a948 __free_lconv_mon 11 API calls 17080->17082 17081->17078 17234 7ff71576ec20 17081->17234 17082->17081 17085 7ff71576a900 _isindst 17 API calls 17086 7ff7157651fc 17085->17086 17088 7ff71575262f 17087->17088 17089 7ff715759390 2 API calls 17088->17089 17090 7ff715752660 17089->17090 17091 7ff715752683 MessageBoxA 17090->17091 17092 7ff71575266f MessageBoxW 
17090->17092 17093 7ff715752690 17091->17093 17092->17093 17094 7ff71575c550 _log10_special 8 API calls 17093->17094 17095 7ff7157526a0 17094->17095 17095->17023 17097 7ff715762c4e 17096->17097 17098 7ff715762c3e 17096->17098 17099 7ff715762c57 17097->17099 17108 7ff715762c85 17097->17108 17100 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17098->17100 17101 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17099->17101 17102 7ff715762c7d 17100->17102 17101->17102 17102->17068 17102->17071 17102->17072 17102->17074 17103 7ff7157647c0 45 API calls 17103->17108 17105 7ff715762f34 17107 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17105->17107 17107->17098 17108->17098 17108->17102 17108->17103 17108->17105 17110 7ff7157635a0 17108->17110 17136 7ff715763268 17108->17136 17166 7ff715762af0 17108->17166 17111 7ff715763655 17110->17111 17112 7ff7157635e2 17110->17112 17115 7ff71576365a 17111->17115 17116 7ff7157636af 17111->17116 17113 7ff7157635e8 17112->17113 17114 7ff71576367f 17112->17114 17120 7ff7157635ed 17113->17120 17124 7ff7157636be 17113->17124 17183 7ff715761b50 17114->17183 17117 7ff71576365c 17115->17117 17118 7ff71576368f 17115->17118 17116->17114 17116->17124 17134 7ff715763618 17116->17134 17123 7ff71576366b 17117->17123 17126 7ff7157635fd 17117->17126 17190 7ff715761740 17118->17190 17120->17126 17127 7ff715763630 17120->17127 17120->17134 17123->17114 17128 7ff715763670 17123->17128 17135 7ff7157636ed 17124->17135 17197 7ff715761f60 17124->17197 17126->17135 17169 7ff715763f04 17126->17169 17127->17135 17179 7ff7157643c0 17127->17179 17131 7ff715764558 37 API calls 17128->17131 17128->17135 17130 7ff71575c550 _log10_special 8 API calls 17132 7ff715763983 17130->17132 17131->17134 17132->17108 17134->17135 17204 7ff71576e858 17134->17204 17135->17130 17137 7ff715763289 17136->17137 17138 7ff715763273 17136->17138 17139 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17137->17139 17140 7ff7157632c7 17137->17140 17138->17140 17141 
7ff715763655 17138->17141 17142 7ff7157635e2 17138->17142 17139->17140 17140->17108 17145 7ff71576365a 17141->17145 17146 7ff7157636af 17141->17146 17143 7ff7157635e8 17142->17143 17144 7ff71576367f 17142->17144 17151 7ff7157635ed 17143->17151 17154 7ff7157636be 17143->17154 17149 7ff715761b50 38 API calls 17144->17149 17147 7ff71576365c 17145->17147 17148 7ff71576368f 17145->17148 17146->17144 17146->17154 17156 7ff715763618 17146->17156 17150 7ff7157635fd 17147->17150 17158 7ff71576366b 17147->17158 17152 7ff715761740 38 API calls 17148->17152 17149->17156 17153 7ff715763f04 47 API calls 17150->17153 17165 7ff7157636ed 17150->17165 17151->17150 17155 7ff715763630 17151->17155 17151->17156 17152->17156 17153->17156 17157 7ff715761f60 38 API calls 17154->17157 17154->17165 17159 7ff7157643c0 47 API calls 17155->17159 17155->17165 17164 7ff71576e858 47 API calls 17156->17164 17156->17165 17157->17156 17158->17144 17160 7ff715763670 17158->17160 17159->17156 17162 7ff715764558 37 API calls 17160->17162 17160->17165 17161 7ff71575c550 _log10_special 8 API calls 17163 7ff715763983 17161->17163 17162->17156 17163->17108 17164->17156 17165->17161 17217 7ff715760d14 17166->17217 17170 7ff715763f26 17169->17170 17171 7ff715760b80 12 API calls 17170->17171 17172 7ff715763f6e 17171->17172 17173 7ff71576e570 46 API calls 17172->17173 17175 7ff715764041 17173->17175 17174 7ff715764063 17177 7ff7157647c0 45 API calls 17174->17177 17178 7ff7157640ec 17174->17178 17175->17174 17176 7ff7157647c0 45 API calls 17175->17176 17176->17174 17177->17178 17178->17134 17180 7ff7157643d8 17179->17180 17182 7ff715764440 17179->17182 17181 7ff71576e858 47 API calls 17180->17181 17180->17182 17181->17182 17182->17134 17184 7ff715761b83 17183->17184 17185 7ff715761bb2 17184->17185 17187 7ff715761c6f 17184->17187 17186 7ff715760b80 12 API calls 17185->17186 17189 7ff715761bef 17185->17189 17186->17189 17188 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17187->17188 17188->17189 
17189->17134 17191 7ff715761773 17190->17191 17192 7ff7157617a2 17191->17192 17194 7ff71576185f 17191->17194 17193 7ff715760b80 12 API calls 17192->17193 17196 7ff7157617df 17192->17196 17193->17196 17195 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17194->17195 17195->17196 17196->17134 17198 7ff715761f93 17197->17198 17199 7ff715761fc2 17198->17199 17201 7ff71576207f 17198->17201 17200 7ff715760b80 12 API calls 17199->17200 17203 7ff715761fff 17199->17203 17200->17203 17202 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17201->17202 17202->17203 17203->17134 17206 7ff71576e880 17204->17206 17205 7ff71576e8ae memcpy_s 17209 7ff71576e885 memcpy_s 17205->17209 17210 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17205->17210 17206->17205 17207 7ff71576e8c5 17206->17207 17208 7ff7157647c0 45 API calls 17206->17208 17206->17209 17207->17205 17207->17209 17214 7ff7157707e8 17207->17214 17208->17207 17209->17134 17210->17209 17216 7ff71577080c WideCharToMultiByte 17214->17216 17218 7ff715760d53 17217->17218 17219 7ff715760d41 17217->17219 17221 7ff715760d60 17218->17221 17225 7ff715760d9d 17218->17225 17220 7ff715764f08 memcpy_s 11 API calls 17219->17220 17222 7ff715760d46 17220->17222 17224 7ff71576a814 _invalid_parameter_noinfo 37 API calls 17221->17224 17223 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17222->17223 17229 7ff715760d51 17223->17229 17224->17229 17226 7ff715760e46 17225->17226 17227 7ff715764f08 memcpy_s 11 API calls 17225->17227 17228 7ff715764f08 memcpy_s 11 API calls 17226->17228 17226->17229 17230 7ff715760e3b 17227->17230 17231 7ff715760ef0 17228->17231 17229->17108 17232 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17230->17232 17233 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17231->17233 17232->17226 17233->17229 17238 7ff71576ec3d 17234->17238 17235 7ff71576ec42 17236 7ff7157651dd 17235->17236 17237 7ff715764f08 memcpy_s 11 API calls 17235->17237 17236->17078 17236->17085 17239 7ff71576ec4c 17237->17239 
17238->17235 17238->17236 17241 7ff71576ec8c 17238->17241 17240 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17239->17240 17240->17236 17241->17236 17242 7ff715764f08 memcpy_s 11 API calls 17241->17242 17242->17239 17244 7ff715768258 17243->17244 17245 7ff715768245 17243->17245 17253 7ff715767ebc 17244->17253 17246 7ff715764f08 memcpy_s 11 API calls 17245->17246 17248 7ff71576824a 17246->17248 17250 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17248->17250 17251 7ff715768256 17250->17251 17251->16227 17260 7ff7157702d8 EnterCriticalSection 17253->17260 17262 7ff715758633 __vcrt_freefls 17261->17262 17263 7ff7157585b1 GetTokenInformation 17261->17263 17265 7ff71575864c 17262->17265 17266 7ff715758646 CloseHandle 17262->17266 17264 7ff7157585d2 GetLastError 17263->17264 17267 7ff7157585dd 17263->17267 17264->17262 17264->17267 17265->16232 17266->17265 17267->17262 17268 7ff7157585f9 GetTokenInformation 17267->17268 17268->17262 17269 7ff71575861c 17268->17269 17269->17262 17270 7ff715758626 ConvertSidToStringSidW 17269->17270 17270->17262 17272 7ff71575c850 17271->17272 17273 7ff715752b74 GetCurrentProcessId 17272->17273 17274 7ff7157526b0 48 API calls 17273->17274 17275 7ff715752bc7 17274->17275 17276 7ff715764bd8 48 API calls 17275->17276 17277 7ff715752c10 MessageBoxW 17276->17277 17278 7ff71575c550 _log10_special 8 API calls 17277->17278 17279 7ff715752c40 17278->17279 17279->16242 17281 7ff7157525e5 17280->17281 17282 7ff715764bd8 48 API calls 17281->17282 17283 7ff715752604 17282->17283 17283->16251 17319 7ff715768794 17284->17319 17288 7ff7157581dc 17287->17288 17289 7ff715759390 2 API calls 17288->17289 17290 7ff7157581fb 17289->17290 17291 7ff715758203 17290->17291 17292 7ff715758216 ExpandEnvironmentStringsW 17290->17292 17293 7ff715752810 49 API calls 17291->17293 17294 7ff71575823c __vcrt_freefls 17292->17294 17295 7ff71575820f __vcrt_freefls 17293->17295 17296 7ff715758253 17294->17296 17297 7ff715758240 17294->17297 17298 7ff71575c550 
_log10_special 8 API calls 17295->17298 17301 7ff7157582bf 17296->17301 17304 7ff715758261 17296->17304 17299 7ff715752810 49 API calls 17297->17299 17299->17295 17304->17304 17360 7ff715771558 17319->17360 17419 7ff7157712d0 17360->17419 17440 7ff7157702d8 EnterCriticalSection 17419->17440 17559 7ff71575456a 17558->17559 17560 7ff715759390 2 API calls 17559->17560 17561 7ff71575458f 17560->17561 17562 7ff71575c550 _log10_special 8 API calls 17561->17562 17563 7ff7157545b7 17562->17563 17563->16295 17565 7ff715757e2e 17564->17565 17566 7ff715757f52 17565->17566 17567 7ff715751c80 49 API calls 17565->17567 17568 7ff71575c550 _log10_special 8 API calls 17566->17568 17572 7ff715757eb5 17567->17572 17569 7ff715757f83 17568->17569 17569->16295 17570 7ff715751c80 49 API calls 17570->17572 17571 7ff715754560 10 API calls 17571->17572 17572->17566 17572->17570 17572->17571 17573 7ff715759390 2 API calls 17572->17573 17574 7ff715757f23 CreateDirectoryW 17573->17574 17574->17566 17574->17572 17576 7ff715751637 17575->17576 17577 7ff715751613 17575->17577 17578 7ff7157545c0 108 API calls 17576->17578 17696 7ff715751050 17577->17696 17580 7ff71575164b 17578->17580 17582 7ff715751653 17580->17582 17583 7ff715751682 17580->17583 17581 7ff715751618 17584 7ff71575162e 17581->17584 17587 7ff715752710 54 API calls 17581->17587 17585 7ff715764f08 memcpy_s 11 API calls 17582->17585 17586 7ff7157545c0 108 API calls 17583->17586 17584->16295 17588 7ff715751658 17585->17588 17589 7ff715751696 17586->17589 17587->17584 17590 7ff715752910 54 API calls 17588->17590 17591 7ff71575169e 17589->17591 17592 7ff7157516b8 17589->17592 17593 7ff715751671 17590->17593 17594 7ff715752710 54 API calls 17591->17594 17595 7ff7157606d4 73 API calls 17592->17595 17593->16295 17596 7ff7157516ae 17594->17596 17597 7ff7157516cd 17595->17597 17603 7ff71576004c 74 API calls 17596->17603 17598 7ff7157516f9 17597->17598 17599 7ff7157516d1 17597->17599 17624 7ff71575718b 17623->17624 17626 7ff715757144 
17623->17626 17624->16295 17626->17624 17760 7ff715765024 17626->17760 17628 7ff7157541a1 17627->17628 17629 7ff7157544e0 49 API calls 17628->17629 17630 7ff7157541db 17629->17630 17631 7ff7157544e0 49 API calls 17630->17631 17632 7ff7157541eb 17631->17632 17633 7ff71575423c 17632->17633 17634 7ff71575420d 17632->17634 17636 7ff715754110 51 API calls 17633->17636 17791 7ff715754110 17634->17791 17637 7ff71575423a 17636->17637 17638 7ff71575429c 17637->17638 17639 7ff715754267 17637->17639 17640 7ff715754110 51 API calls 17638->17640 17798 7ff715757cf0 17639->17798 17672 7ff715751c80 49 API calls 17671->17672 17673 7ff715754474 17672->17673 17673->16295 17697 7ff7157545c0 108 API calls 17696->17697 17698 7ff71575108c 17697->17698 17699 7ff7157510a9 17698->17699 17700 7ff715751094 17698->17700 17702 7ff7157606d4 73 API calls 17699->17702 17701 7ff715752710 54 API calls 17700->17701 17708 7ff7157510a4 __vcrt_freefls 17701->17708 17703 7ff7157510bf 17702->17703 17704 7ff7157510c3 17703->17704 17705 7ff7157510e6 17703->17705 17706 7ff715764f08 memcpy_s 11 API calls 17704->17706 17709 7ff7157510f7 17705->17709 17710 7ff715751122 17705->17710 17707 7ff7157510c8 17706->17707 17708->17581 17712 7ff715764f08 memcpy_s 11 API calls 17709->17712 17713 7ff715751129 17710->17713 17721 7ff71575113c 17710->17721 17761 7ff71576505e 17760->17761 17762 7ff715765031 17760->17762 17765 7ff715765081 17761->17765 17768 7ff71576509d 17761->17768 17763 7ff715764f08 memcpy_s 11 API calls 17762->17763 17764 7ff715764fe8 17762->17764 17766 7ff71576503b 17763->17766 17764->17626 17767 7ff715764f08 memcpy_s 11 API calls 17765->17767 17770 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17766->17770 17771 7ff715765086 17767->17771 17775 7ff715764f4c 17768->17775 17772 7ff715765046 17770->17772 17773 7ff71576a8e0 _invalid_parameter_noinfo 37 API calls 17771->17773 17772->17626 17774 7ff715765091 17773->17774 17774->17626 17776 7ff715764f6b 17775->17776 17777 7ff715764f70 17775->17777 

Control-flow Graph

[Control-flow graph beginning at block 7ff7157589e0-7ff715758b26; legend: Executed, Not Executed]
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction ID: eeab82a36a81ca113f3fecc1650c22d8c59d77ea189230f22ac0e4dc7cf71023
• Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
• Instruction Fuzzy Hash: 30D16231A18E8286EB14AF34E85A2B9B774FB48F68F900235DA5D42AB4DF3CD54DC710

Control-flow Graph

• Executed
• Not Executed
Strings
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: f34adffd595ae6d0ab4ff6508a6aaa05fd206487cbf925b5956127d2412d9179
• Instruction ID: 58dd2ba80dbce8395e45d855a4c0d074b63ba3ff94bdad1ae7dd072854ad1923
• Opcode Fuzzy Hash: f34adffd595ae6d0ab4ff6508a6aaa05fd206487cbf925b5956127d2412d9179
• Instruction Fuzzy Hash: 91328161A28E8251FA1DBB24D45A2B9A771AF4CF60FC44436DA5D432F6EF2CE55CC320

Control-flow Graph

• Executed
• Not Executed
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775C45
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715775598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7157755AC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A948: RtlFreeHeap.NTDLL(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A95E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A948: GetLastError.KERNEL32(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A968
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF71576A8DF,?,?,?,?,?,00007FF71576A7CA), ref: 00007FF71576A909
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF71576A8DF,?,?,?,?,?,00007FF71576A7CA), ref: 00007FF71576A92E
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775C34
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7157755F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71577560C
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775EAA
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775EBB
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775ECC
                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF71577610C), ref: 00007FF715775EF3
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                        • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                        • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                                        • Instruction ID: 9e39518a609a6a74b2dae16810a91f1e1df50635db8635f9d124edf7f939a3c6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3FD1D522A08A8246E728BF26E44A5B9E751EF4CFB4FC48135DA0D476B5DF3CE44D8760

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                                                        • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                                        • Instruction ID: 9e28f6dbed1c0a98924333fb5d748b672a487cfc5098a4c8f175e3712142711a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68C1D036B28E4285EB18EF69D0966AC7761F749FA8B910235DA1E573A8DF38D019C310

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775EAA
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7157755F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF71577560C
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775EBB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715775598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7157755AC
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF715775ECC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF7157755C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7157755DC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A948: RtlFreeHeap.NTDLL(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A95E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A948: GetLastError.KERNEL32(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A968
                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF71577610C), ref: 00007FF715775EF3
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                        • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                        • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                                        • Instruction ID: 018cf8fb23cf421dc68e3e9323cfb5617719ca080a85025b53bfa7ccdc20bde5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34517432A08A4286E718FF36E4875A9E761BB4CB64FC05535EA4D436B5DF3CE40D8760
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                        • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                                        • Instruction ID: 458ad79b6f898083fe1769401eae53a4fded3e0317c57a0229e07f52979f8c2b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFF0CD22A28B4186F7649B50B48E776B360EB49B38F840335DA6D01AE4DF3CD04CC700
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1010374628-0
                                                                                                                                                                                                                                                        • Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                                                                                        • Instruction ID: dcb6b98ee0a4d11f23261dafc57c0a46c0ba2155b2a6383adebc640642c3c1a5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6028C25A1AE4340FA5EBB22A40A279A780AF49FB0FD54634DD6D563F1DF7CA40D8730

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715757F90: _fread_nolock.LIBCMT ref: 00007FF71575803A
                                                                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF715751A1B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF715751B6A), ref: 00007FF71575295E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                                        • Opcode ID: 5da9196b77292879a3d34eab4b69eed09277f5a680287c42466cc399433b52bb
                                                                                                                                                                                                                                                        • Instruction ID: 1623f6d8500d97f15ce508b92b8c6abf3c46184d4ff88c40aa685badf6eebc07
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5da9196b77292879a3d34eab4b69eed09277f5a680287c42466cc399433b52bb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5381C571A18E8686E718FB14E0462F9A3A1AF4CF64FC44531EA8D437A5DF3CE54D8760

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                                        • Opcode ID: 5d93e2d9b492ec2590e9e2ead86152251fe080dd2e5e8658fb94e6c4b93608a5
                                                                                                                                                                                                                                                        • Instruction ID: c4815e1701f82c2e5c581fd669602266bbfd2deb30a213652e2398bc7d9c4579
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d93e2d9b492ec2590e9e2ead86152251fe080dd2e5e8658fb94e6c4b93608a5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3951A161B18E4386EA18BB21A4461B9A3A1BF48FB4FC44531EE5C077B5EF3CE54D8760

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,?,00000000,00007FF715753CBB), ref: 00007FF715758704
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00007FF715753CBB), ref: 00007FF71575870A
                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00007FF715753CBB), ref: 00007FF71575874C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758830: GetEnvironmentVariableW.KERNEL32(00007FF71575388E), ref: 00007FF715758867
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF715758889
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715768238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF715768251
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752810: MessageBoxW.USER32 ref: 00007FF7157528EA
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                        • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                                                        • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                                        • Instruction ID: 9b4a66ec90a183054b2449ef8891ac6582a0f8466dd974ad07654c030910f55d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 10419F11A29E4245FA18BB61E8572B993A1AF4DFA0FD40131ED0D576BADF3CE40D8360

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                                        • Opcode ID: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                                                                                                                        • Instruction ID: e2d23bdcd13ce99fa414081e68190c3ff2075da278b02426896d912f07418116
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f2f3123d1cabff2ad8e3db6a95d4b235f7cad2490955ba460222a7cf36d71df
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B51F422A18E4245E629BB11E4523BAA2A1BF48FA4FC44131EE8D477E5EF3CE44DC750

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF715753804), ref: 00007FF7157536E1
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF715753804), ref: 00007FF7157536EB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF715753706,?,00007FF715753804), ref: 00007FF715752C9E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF715753706,?,00007FF715753804), ref: 00007FF715752D63
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752C50: MessageBoxW.USER32 ref: 00007FF715752D99
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                                        • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                        • Instruction ID: c4d71bf10c2763e0040e843a1221c981981e04cb3a3c9c4e6e97007468ef44c9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F216251F28E4245FA28BB20E8563B6A364BF4CB64FC00631E65D865F5EF2CE50CC360

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                                        • Instruction ID: 422602cfbf567bf6591091c9953e97bd971fa8f0e9a59770bd9e12cc26855e7e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c0df5e74df0118619baac061aee596465bcef498cfc928fc9eaa168a483e3b3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09C1D43290CE8681F668BB1594462BDAB55FB8AFA0FD54231EA4D077A1CF7CE44D8720

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 995526605-0
                                                                                                                                                                                                                                                        • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                                        • Instruction ID: 435f91e9d17e49e675d123b83a001c6a7cd561419f95ecbe87b1587d7e201159
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 06216121A1CA4642EB14AB59F48523AE7B0FF89BB0F900235EA6D43AF5DF6CD44D8710

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758570: GetCurrentProcess.KERNEL32 ref: 00007FF715758590
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758570: OpenProcessToken.ADVAPI32 ref: 00007FF7157585A3
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758570: GetTokenInformation.KERNELBASE ref: 00007FF7157585C8
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758570: GetLastError.KERNEL32 ref: 00007FF7157585D2
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758570: GetTokenInformation.KERNELBASE ref: 00007FF715758612
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF71575862E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715758570: CloseHandle.KERNEL32 ref: 00007FF715758646
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF715753C55), ref: 00007FF71575916C
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF715753C55), ref: 00007FF715759175
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                                        • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                                        • Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                                                                                                                        • Instruction ID: ee6cc6f3ec5d1a9b91e7239f2fc63a486403ac474dbf0ffff23ccacacdd2542e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0212C21A28E4241E618BB10E41A3EAA365EB8DB90FD44435EA4D53BA6DF3CD90DC760

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(00000000,?,00007FF71575352C,?,00000000,00007FF715753F23), ref: 00007FF715757F32
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                                        • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                                        • Opcode ID: 9023beffec3a57a4629e8abb22503f1b718fcdb28fa34784c50d465fb9ddbb72
                                                                                                                                                                                                                                                        • Instruction ID: 6a249f25a6c8c953e2ee2f898e6005a70e1982065a5fd16fc6ae13ffe9a3b316
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9023beffec3a57a4629e8abb22503f1b718fcdb28fa34784c50d465fb9ddbb72
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3831D861629EC145EA25AB11E4117AAE364EB8CFF4F900230EE6D477D5DF2CD64E8710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71576CF4B), ref: 00007FF71576D07C
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF71576CF4B), ref: 00007FF71576D107
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                                                        • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                                        • Instruction ID: 96d851117e1afd279c1ca7ea9ac0f5d3a7ecfb7565f5003fb4f264ed644059bc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85911C32F28A5145F758AF65D4422BDA7A0FB48FA8F944235DE0E136A4DF78D48EC720
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                                                        • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                                        • Instruction ID: 7145026e7aaa95871cac4c08d8765eaa86a50024e57e625d221b73d112dc84e9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2251FB72F04A118AFB1CEF7899566BCA751AB48778FD00335DD2D52AF9DB38A40E8710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                                                        • Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                                                                                                                                                                                        • Instruction ID: 98493caf7e9c8fccb229ab1249dba89b5da364d9a9846cb0ca31ad773890f05c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3519F22E04A428AF718EF71D4563BDA7A1AB4CF68F944634DE0D47AA8DF38D44C9720
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                                        • Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                                                                        • Instruction ID: 69623b875914c60f1f326beb389cf820c9365203e18643b203d5ffe72539cd15
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5141A662D18B8183F718AF209555379A361FB98B74F909335E65C03AE1DF7CA0EC9710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                                                        • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                                                                        • Instruction ID: fdc568e14c2ef1a38ac3ee67fbe6a21bc3c743d5fea42a1d8d7e8780c5c1106f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47315B21E28A4745FA5CBB61D4173B993A59F49FA4FC45234EA0D472F3DF2CA90D8230
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                                        • Instruction ID: c5239912223b6b39e696dd360367380750b1286d9004db4d69bcb10c2ea881c5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B951FA61B19A4186F76EB926940667EA6A1AF48FB4F884734DD6D037E5CF3CE40C8620
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                                        • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                                                                        • Instruction ID: 3de893c62bfde02b6acb00400a48806d9b7f22f453cb75ce89d62a9cdaaef48c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8911E262A18E8181EA28AB25F805069B361EB49FF0F940331EE7D0B7E8CF3CD01C8710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF715765839), ref: 00007FF715765957
                                                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF715765839), ref: 00007FF71576596D
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                                                        • Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                                                                                                                        • Instruction ID: b1e4ae3c8aeb18473efbfecdc4ce696b1da22b486c8e2e85eeeae156e34fcfbe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5911863150CB0281E7585B15A41617AF760EB89B71FD00335FA9D819E4EF2CD05CDF20
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A95E
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A968
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                                                        • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                                                                                        • Instruction ID: ea1661c8a931b1b24a33879ab073b4fe6fd14ca73d4ad2bfec9743e1e04ebefd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02E04F50E09A0282FE0D7BB2A49B1789252AF8CF20FC50130C90D422B1EF2CA88D8230
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF71576A9D5,?,?,00000000,00007FF71576AA8A), ref: 00007FF71576ABC6
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF71576A9D5,?,?,00000000,00007FF71576AA8A), ref: 00007FF71576ABD0
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                                                        • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                                        • Instruction ID: 82bbaa7e25dd18572a77960381fc20bfb2e913c24b3389073f86db474e5ce964
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD21A711B18E4285FA597766949637D92829F8CFB0F884335DA2E477F1CFACE44D4321
                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                                        • Instruction ID: f988c549debb264aebf57bddd41e678aa1c397bac0e4db74ca2fb379aa6f2d7b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F41CB72508A4287F638AA19A552179B760EB5EF60F940731D68E436F1CF6CE40ECB61
                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                                                        • Opcode ID: 7026eb3b68f3585a2f5768ea15c5ca7bda34a28a3ae4cdbb6486ed2f903c9d01
                                                                                                                                                                                                                                                        • Instruction ID: 7e2456edbcaa2c0e1db52e864ee5f3fa5b9404af8a86e3f93292b7b76213e11e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7026eb3b68f3585a2f5768ea15c5ca7bda34a28a3ae4cdbb6486ed2f903c9d01
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CB21A221B28A5246FA58BB2268063BAD661BF49FE4FD84430EE0C07796DF7DE44DC610
                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                                        • Instruction ID: 5316b1cc700f6640526cbd04f24842188d81d1ae4773c52822824467b64c0e0b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2B317E22A18E0285F6197B65888637CAA91AF89FB4FC50335E95D033E2CF7CE44D8735
                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
• HeapAlloc.KERNEL32(?,?,00000000,00007FF71576B32A,?,?,?,00007FF715764F11,?,?,?,?,00007FF71576A48A), ref: 00007FF71576EBED
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF715760C90,?,?,?,00007FF7157622FA,?,?,?,?,?,00007FF715763AE9), ref: 00007FF71576D63A
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                                                        • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                                        • Instruction ID: 59abf85f6e0639e47eef4be6b46e80c05b432bebf62ecd81e7a291adecdf0d50
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42F0DA50E29A4645FE5D7A71585B6B592905F8CFF4F884730D92E852E1EF2CA4CC8630
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                        • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                                        • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                                        • Instruction ID: 6e2b680829aa92baa2912781b600d9008c28375ed2367b68d38b7cdffe94805c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A4029E61A19F0B91EA1CBB65B85A5B4E3A1AF0CFB5BC40035D92E16274BF3CB55DC230
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                        • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                        • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                                        • Instruction ID: c52ab271528a78956fb3b561a68af8232cd77cc73e0745858106027377b6c180
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4EB21B72F186828BE7299F64E4497FCB7A2FB48B54F801135DA0D57A94DB38E90CCB50
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,00007FF715758919,00007FF715753FA5), ref: 00007FF71575842B
                                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF715758919,00007FF715753FA5), ref: 00007FF7157584AE
                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00007FF715758919,00007FF715753FA5), ref: 00007FF7157584CD
                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00007FF715758919,00007FF715753FA5), ref: 00007FF7157584DB
                                                                                                                                                                                                                                                        • FindClose.KERNEL32(?,00007FF715758919,00007FF715753FA5), ref: 00007FF7157584EC
                                                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF715758919,00007FF715753FA5), ref: 00007FF7157584F5
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                                                                                                        • API String ID: 1057558799-766152087
                                                                                                                                                                                                                                                        • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                                        • Instruction ID: babc0f08f43185dca11d18f6951d4e22c31efd78150ff82a495bb2bc5f9da467
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 71415521A2CD4286EA64BF55E45A2BAA370FB9CF64FD00231DA5D436A4EF3CD54DC710
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                                        • API String ID: 0-2665694366
                                                                                                                                                                                                                                                        • Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                                        • Instruction ID: 661aaafe8083b20f6c9f15b3bfff92e7873a627a34d10b4cd8bab70e0c66d76b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95523772A24BA64BE7A8AF14C449B7D7BB9FB48751F414138E64A83790DB7CD80CCB50
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                                                        • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                                        • Instruction ID: 571c4afaf9c15caf7fcb5854fd04387115740e93e77fbee3ef9b37c06f41bf56
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99313F72619F8186EB64AF60E8857ED6360FB88B18F844039DB4D47BA4EF78D64CC710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                                                        • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                                        • Instruction ID: af6ba6406ced3547f89eee689377e1e8d2202b5b1b1bf18275421b63397612a6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 85317432618F8186EB649F25E8456AE73A4FB88B64F900135EB4D43B64EF3CC14DC710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                                                        • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                                        • Instruction ID: 8104052b120e553bf3b8bfd5f52f3ae012dd4bd9afb2939415e5d69badfc26af
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 61B1C922B18F8241EA69BB22B50A1B9E352EB48FF4F945131D94D07BA5DF3CE44DC310
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                        • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                                        • Instruction ID: 4184ae59ed44c30825559ca9e1c8232c41027e64fd10543f23770685460c37bf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98114F22B14F058AEB009B60E8462B973A4F71DB68F840E31DA1D46764EF38D15C8350
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                                                                        • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                                        • Instruction ID: d16e0da83707da3e6e51fc9d5f748ae18720c933a16125854b2b8d798458b2ee
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3AC10672B18A8687E728DF15B04967AFB91F788B94F808134DB4E43794DB3DE909CB40
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                                        • API String ID: 0-1127688429
                                                                                                                                                                                                                                                        • Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
                                                                                                                                                                                                                                                        • Instruction ID: 3f7e51b89436d6c95e1e8325dac0c4fdd67ef5874951b3bdda46c91fcbe2a03e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BBF1B572A24BD54BE7A9BF14C089B3ABAF9EF48B51F454538DA49073A0CB78E44CC750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                                        • API String ID: 0-900081337
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                                                                        • API String ID: 0-3030954782
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: TMP
                                                                                                                                                                                                                                                        • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                                                        • Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                                                                                        • Instruction ID: d5c8e4b14406a7bb90c4fba9c2659e46dd033d2ecf2872a0dcf2a39fa3b5867a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7C518E41B18B0341FA6CBA27A51717A92D1AF4CFE4F984235DE0E577A6EF3CE44D4260
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                                                        • Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                                                                                        • Instruction ID: 9e6a57316d9991edae8029c2247873dab0ab636d779ecfe1c8f7a797178d561b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FCB09220E07E02C2EA0C3B216C8BA28A3A4BF4CB21FD80138C10D40330EF2C24ED5720
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                                                                                                                                                                                        • Instruction ID: 73be703d50c4027fa8f9e6f05947ff6fd4fcd4615d744b73a93ca96a52dcc167
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DD1C662A08E4246FB6CAE29805627DA7A0EF49F68F944335CE0D077A5DF3DD84DC760
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                                                                                                                                                                                        • Instruction ID: ec4d52b4622eb6d708be369c4ff515e490b638449965203164a714750f13cf15
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22C180762241E08BD28AEB29E47947A73E1F78930DBD5406BEF8747785C73CA418D720
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                                                                                                                                                                                        • Instruction ID: ea78eeb44b6e14cc2932052e59d6f9907ee8a6e480226049145671796ddd8dca
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02B1AE72A08B9685F7A99F29C05527CBBA0E74DF68FA40235CA4E473A5CF39D44DC720
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                                                                                                                                                                                        • Instruction ID: 314ba16609fde377943fe0fe327be3a4c9d2a69585bfb5f126d5ad8b243d2d38
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A810872A08B814AF778DF19944236BA691FB49BA0F944735DE8D43BA5DF3CD40C8B20
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
                                                                                                                                                                                                                                                        • Instruction ID: 0eda03ec9f4b92051dc1a19c2ab3e7ff514b357abb0645ccc43fa22406670182
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 21aaab296e2e64a79b20cf98ea2699a9ab0529386423cc159892306e5cd43e00
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67611F21E08A5246F76CAA25A05A67CF791AF48F74FD40239D61D836EDDF6DE80C8720
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                                        • Instruction ID: 2c4482b9f2c28eba01effe9bbdbae06f413dfd74d33395b984e6aeda1214cb27
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E519576A18E5282F7289B29D04926873A0EB49F78F644331CE4D077B4CB3AE85FC750
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                                        • Instruction ID: 843dd7adf11e38803e6ed8c385f1a2d07e50900e49985f2943c533d3fd918e28
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C518736A14F5185F7289B29D049638B7A0EB48F78F645231CA8D577B4CB3AE84FC750
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                                        • Instruction ID: 5140f11b7827fd2d860c352437788b03511e94001f5080ef026e23aa39309e7e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05519836A18A5286F7A89B29C44163C73A1EB5CF78F644231CA4C177B4CB3AE84FC750
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                                        • Instruction ID: d98e3a9aaa5efc361593c8daa0e19f799f6213c9b51a09c471e15aa20368e546
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA518636A14A5685F7289B29D04923877A1EB59F78F644231CE4C177A4CF3AEC4AC750
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                                        • Instruction ID: c7e48b097b10824517e49e95b9f2b260684c6d89d0d355bacfe3c31fc9bf07e6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E251D472A19A5286F7689B29D04527CA3A0EB4CF68F644231CE4D177B5CB3AE84FC750
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                                                                        • Instruction ID: 2b3f8d14a34e461cbca41bd60a4940179a9d918a00392e6ba3feba5390c5c1ba
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B051D532A18E5185F7289F29E05923C67A0EB89F68F644231CE4C177A4DF3AE84EC750
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                        • Instruction ID: dedc8873d0bb12bbd422f226c1477a0b09ef37dc84ab8f179dc59ccafefde30b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6941C57290DF5A05FDAD991805096B8A6809F1AFB0DD813B4DDAD1B3F7CF0DA58ED120
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                                                        • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                                        • Instruction ID: a330bef06a9e5719f4f854e7a54c813273cac0d5b8b022db58bf1b4caa18a90d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD411362714E5582EF08DF2AD9161A9A391F74CFE4B999432EE0D97B64DF3DC04A8300
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                                        • Instruction ID: d235e338666cde8d5901cf055e7f0ef945e387ba6e46d73a3604d185dd0379f8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1431D472718F4281F76CAF25A44612EA6D5AB88FE0F544238EA4D53BE5DF3CD4098714
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                                                                                        • Instruction ID: f009b628742f5b20317cea5b3db3bcb3cbc0a0cbe9a74ecea7e258b320727600
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69F044717186958ADB9C9F7DA44362977D0F708790F809039D58D83A14DB3C90658F24
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                                                                                                                        • Instruction ID: 128eea689345e135a69b180c9b5addd7583d181d7dc3660426e41379990e7169
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 42A00221D1DC0AD0E64CAB00F896435A330FB5CB28BC00071E20E514B0BF3DA54DD320
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF715755840
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF715755852
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF715755889
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF71575589B
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF7157558B4
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF7157558C6
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF7157558DF
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF7157558F1
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF71575590D
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF71575591F
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF71575593B
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF71575594D
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF715755969
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF71575597B
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF715755997
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF7157559A9
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF7157559C5
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF7157564CF,?,00007FF71575336E), ref: 00007FF7157559D7
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                        • API String ID: 199729137-653951865
                                                                                                                                                                                                                                                        • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                                                                        • Instruction ID: 77d5e1adcac2574c7d64eb8c6586d0f75231873ffe9f4280fb427e49c0eb078e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F228B64A19F0791FA5CBB65B85A5B4A3A4AF0CFB5BC41039C91E422B0BF3CB55CC270
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715759390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7157545F4,00000000,00007FF715751985), ref: 00007FF7157593C9
                                                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF7157586B7,?,?,00000000,00007FF715753CBB), ref: 00007FF71575822C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752810: MessageBoxW.USER32 ref: 00007FF7157528EA
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                        • API String ID: 1662231829-930877121
                                                                                                                                                                                                                                                        • Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                                        • Instruction ID: adb8e81ec5dbcdbf52b2edfbaac1459a89ce6eb2f4a3a83c4d3758fdfd25eefe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3516611A38E4241FA58BB25E8576B9E360AF9CFA0FD44431E70E426F5EF2CE50C8760
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                                                        • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                                        • Instruction ID: 530830887b9b565ddd09b54cce59bf14f54fdf251c9e2e1d150bf627514ccc9d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5551F526614BA186D6289F26B41C1BAB7A1FB9CB65F404135EFDE43694EF3CD049CB20
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                                        • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                                        • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                                        • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                                        • Instruction ID: 757bed0d736734d1a2fa6e8bfc9b6e08e0f49308c85a88d857bc0057a303363c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4213721B28E4282E6496B7AB859179A360FF4CFB0F984135DB1D473B4EF2CD59D8321
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF71576F0AA,?,?,000001E955DD8BE8,00007FF71576AD53,?,?,?,00007FF71576AC4A,?,?,?,00007FF715765F3E), ref: 00007FF71576EE8C
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF71576F0AA,?,?,000001E955DD8BE8,00007FF71576AD53,?,?,?,00007FF71576AC4A,?,?,?,00007FF715765F3E), ref: 00007FF71576EE98
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                        • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                                        • Instruction ID: 7aa7620db517415acdfc2d1263bcd6eda08b70b0f95d696982afdd06b1f9abcf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1141D421B19E1249FA1AAB16A806576A391BF4DFB0FC84A35DD1D477A4EF3CE40D8320
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF715753706,?,00007FF715753804), ref: 00007FF715752C9E
                                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF715753706,?,00007FF715753804), ref: 00007FF715752D63
                                                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF715752D99
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                                                        • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                        • API String ID: 3940978338-251083826
                                                                                                                                                                                                                                                        • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                                        • Instruction ID: d6bbbeecdd1f522ea1fd0be928a6ecc04cafd65fe2c1160d17af6fcc137a465a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9031B622704F5142E624BB25B8156BAA7A5BB8CBA8F814135EF4D53769EF3CD50EC310
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF71575DF7A,?,?,?,00007FF71575DC6C,?,?,?,00007FF71575D869), ref: 00007FF71575DD4D
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF71575DF7A,?,?,?,00007FF71575DC6C,?,?,?,00007FF71575D869), ref: 00007FF71575DD5B
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF71575DF7A,?,?,?,00007FF71575DC6C,?,?,?,00007FF71575D869), ref: 00007FF71575DD85
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF71575DF7A,?,?,?,00007FF71575DC6C,?,?,?,00007FF71575D869), ref: 00007FF71575DDF3
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF71575DF7A,?,?,?,00007FF71575DC6C,?,?,?,00007FF71575D869), ref: 00007FF71575DDFF
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                        • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                                        • Instruction ID: 111e9c7b7ab24b62c1a59a733b7868660fe2af1e960c6075f49ac87a38c2fdfe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D319561B2AF5291EE19BB02A4025B5A3A4FF4CFB4FD94536DD1D063A4EF3CE54D8220
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                        • Opcode ID: bd35b640c02035bc0e077a05b147b005ab0e639f37cafda848bc65a29b3ec2f1
                                                                                                                                                                                                                                                        • Instruction ID: 421fea98dc5bd6598a7fec6face8bad1549ab8b6cb4dfc55c5332cf0e9a16b49
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd35b640c02035bc0e077a05b147b005ab0e639f37cafda848bc65a29b3ec2f1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F415721A28E8691EA19FB10F4161E9A325FF4CB64FD00132EA5D476B5DF3CE60DC760
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF71575351A,?,00000000,00007FF715753F23), ref: 00007FF715752AA0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                                                        • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                                        • Instruction ID: d4069fa944eeff7be0711200930ab19c93aee73aa6a647bb00031d6ed41e31c8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7721A332A18B8152E724AB51F4467E6A3A4FB8CB94F800135FE8C43669DF3CD14DC750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                                        • Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                                                                                        • Instruction ID: fd79e5e267bbfa6c3157921d2d6e77847ea492f72242b295d446a1e7ebe92f0b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 67213A20F18A4295FA6C73229A57139D2825F4DFB0FD44B34D93E46AEADF2CB40D8320
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                        • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                                        • Instruction ID: b40dd883bde659243fce834abab898ac68dccad6768cee19c1267e6f5a165089
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68117C21A18E4186E754AB12B85A339E3A0BB8CFF4F800634EA5D877B4DF7CD81C8750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF715753FB1), ref: 00007FF715758EFD
                                                                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF715753FB1), ref: 00007FF715758F5A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715759390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7157545F4,00000000,00007FF715751985), ref: 00007FF7157593C9
                                                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF715753FB1), ref: 00007FF715758FE5
                                                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF715753FB1), ref: 00007FF715759044
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF715753FB1), ref: 00007FF715759055
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF715753FB1), ref: 00007FF71575906A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                                                                        • Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                                                                        • Instruction ID: 2d5c499e5394d881743a2a2b0386cedebd3b481aa8cbb776d017741f13cb723b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E41C861A29A8281EA34AB11E4012BAB3A5FB8DFE4F840535EF4D577A9DF3CD50CC710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF715764F11,?,?,?,?,00007FF71576A48A,?,?,?,?,00007FF71576718F), ref: 00007FF71576B2D7
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF715764F11,?,?,?,?,00007FF71576A48A,?,?,?,?,00007FF71576718F), ref: 00007FF71576B30D
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF715764F11,?,?,?,?,00007FF71576A48A,?,?,?,?,00007FF71576718F), ref: 00007FF71576B33A
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF715764F11,?,?,?,?,00007FF71576A48A,?,?,?,?,00007FF71576718F), ref: 00007FF71576B34B
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF715764F11,?,?,?,?,00007FF71576A48A,?,?,?,?,00007FF71576718F), ref: 00007FF71576B35C
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF715764F11,?,?,?,?,00007FF71576A48A,?,?,?,?,00007FF71576718F), ref: 00007FF71576B377
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                                        • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                                        • Instruction ID: da1c95f592e9f94fab503a2bdaa684e4a3104ce4657d9d41e8fc09a4c8933270
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E11E820B08A4286FA5C7722569713DA2429F4EFB0FD44734D92E566F6EF2CA44D4320
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF715751B6A), ref: 00007FF71575295E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                                                        • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                                        • Instruction ID: cab3b21243dbc9ad5aa7f6b4b38ae71f85f151050d95f31821030396a8aaf6d3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7031E762B18A8156E714B761B8466E6A395BF8CBE4F800131FE8D83765EF3CD14EC210
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                                                        • Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                                        • Instruction ID: d08557a8b8821b8973906fc3cb3192a557759d083e2f1293ba88e33c822750c1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC316671619A8145EB14EB61E85A2F9A360FF8DB94F840135EA4D47B69DF3CD10CC710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF71575918F,?,00007FF715753C55), ref: 00007FF715752BA0
                                                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF715752C2A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentMessageProcess
                                                                                                                                                                                                                                                        • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                                                        • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                                                        • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                                        • Instruction ID: b164889b1a51222d2602df30cd012d71220f481946d50d561e46b8f935db4d4d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CC21D162718F4152E714AB14F84A7AAA3A4EB8CB90F800136EE8D53665EF3CD20DC750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF715751B99), ref: 00007FF715752760
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                                                        • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                                                        • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                                        • Instruction ID: f8a240d05b6480500e0115a94048b92f56d44e91395bef506ea5564446eca99c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4121B572A18B8152E714EB50F4467E6A3A4FB8CB94F800131FE8C43669DF7CD24D8750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                        • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                                        • Instruction ID: 088829dc2ad7aa57635dd163ac829151c3dc0c026bc3bd15e1482644e4e8e06f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4BF04F65B19E0681FA18AB24A48A37AA360EF4DB75F940235D66E465F4EF2CD08CD320
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                                                        • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                        • Instruction ID: 260963370611d529cd9f238b2c983d88c04dd8ac365ff522e6c71ffa8d8739b4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0E119032E4AE0201FA6C7169F49B3799241EF5DF74E850635EA6E062F69F6CA84D8120
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF71576A5A3,?,?,00000000,00007FF71576A83E,?,?,?,?,?,00007FF71576A7CA), ref: 00007FF71576B3AF
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF71576A5A3,?,?,00000000,00007FF71576A83E,?,?,?,?,?,00007FF71576A7CA), ref: 00007FF71576B3CE
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF71576A5A3,?,?,00000000,00007FF71576A83E,?,?,?,?,?,00007FF71576A7CA), ref: 00007FF71576B3F6
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF71576A5A3,?,?,00000000,00007FF71576A83E,?,?,?,?,?,00007FF71576A7CA), ref: 00007FF71576B407
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF71576A5A3,?,?,00000000,00007FF71576A83E,?,?,?,?,?,00007FF71576A7CA), ref: 00007FF71576B418
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                        • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                        • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                                                                                        • Instruction ID: 1f4723bc07a88f2489052a7999e09b8d473685a5e6886d2ca0dbdc3847208c9a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0561D472918BC485E764EF15E4413AAF7A0FB88BA4F444625EB9C037A5DF7CD188CB10
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                        • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                                                                                        • Instruction ID: 25821a5dd82af65ac2d4b7025a2b2d4d3e19c3f4d6fe080cc39a4101e6a8929d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE51B5B2528A4286EB28AB21D14537CB7B0EB58FA4F944135DB6C43BA5CF3CE45CC710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                        • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                                                                        • API String ID: 2030045667-255084403
                                                                                                                                                                                                                                                        • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                                                                                        • Instruction ID: 1645623ebf8500359adab16446b50a207b9a4ad81aa951f14f2c3d2dc794bb4b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D821D162B18F4182E714AB54F44A7EAA3A4EB8CB90F800136EE8D53665EF3CD24DC750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                                                                        • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                                                                                        • Instruction ID: a5ba18b0ec9571bfdc5338ef2080024e891b5d7b5af3138989b6ef488639ae05
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99D1EF72F08B8189E714DF65D4452AC77B5FB18BA8B804226DE4D97BA9DB38D40EC710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                                                                        • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                                        • Instruction ID: 3e133e9702ec484f68ea8151ce601303bfc9b5e95f72574b32597407b51286e7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E811A921B2C94642F658A769F54A27E9361EF9CFA0FC48030EB4D07BA9DF2DD49D8210
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF715769046
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A948: RtlFreeHeap.NTDLL(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A95E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF71576A948: GetLastError.KERNEL32(?,?,?,00007FF715772D22,?,?,?,00007FF715772D5F,?,?,00000000,00007FF715773225,?,?,?,00007FF715773157), ref: 00007FF71576A968
                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF71575CBA5), ref: 00007FF715769064
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.3408300801.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000000.00000002.3408284906.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408325398.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408350102.00007FF715792000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3408380809.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\user.exe
                                                                                                                                                                                                                                                        • API String ID: 3580290477-404738603
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                        • API String ID: 2595371189-336475711

[Figure: Control-flow Graph. Legend: Executed, Not Executed.]
                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
• Associated: 00000002.00000002.3410805377.00007FFD93BF0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410893652.00007FFD93C81000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410911924.00007FFD93C8C000.00000008.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410930367.00007FFD93C8D000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410958266.00007FFD93C96000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd93bf0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dict_String$Item$ReadyType_$AddressProc$DeallocFrom$D@@@Err_Object_ReferenceU_object@@$HandleModuleModule_$Create2LongLong_$ClearDictEnsure@@ExceptionGlobals_LibraryLoadMaskObjectOccurredSys_Unsigned
• String ID: ACTIVEOBJECT_STRONG$ACTIVEOBJECT_WEAK$ArgNotFound$CLSCTX_ALL$CLSCTX_INPROC$CLSCTX_INPROC_HANDLER$CLSCTX_INPROC_SERVER$CLSCTX_LOCAL_SERVER$CLSCTX_REMOTE_SERVER$CLSCTX_SERVER$COINIT_APARTMENTTHREADED$COINIT_DISABLE_OLE1DDE$COINIT_MULTITHREADED$COINIT_SPEED_OVER_MEMORY$COWAIT_ALERTABLE$COWAIT_WAITALL$CoCreateInstanceEx$CoGetCancelObject$CoGetObjectContext$CoInitializeSecurity$CoWaitForMultipleHandles$CreateURLMonikerEx$DATADIR_GET$DATADIR_SET$DESCKIND_FUNCDESC$DESCKIND_VARDESC$DISPATCH_METHOD$DISPATCH_PROPERTYGET$DISPATCH_PROPERTYPUT$DISPATCH_PROPERTYPUTREF$DISPID_COLLECT$DISPID_CONSTRUCTOR$DISPID_DESTRUCTOR$DISPID_EVALUATE$DISPID_NEWENUM$DISPID_PROPERTYPUT$DISPID_STARTENUM$DISPID_THIS$DISPID_UNKNOWN$DISPID_VALUE$DVASPECT_CONTENT$DVASPECT_DOCPRINT$DVASPECT_ICON$DVASPECT_THUMBNAIL$EOAC_ACCESS_CONTROL$EOAC_ANY_AUTHORITY$EOAC_APPID$EOAC_AUTO_IMPERSONATE$EOAC_DEFAULT$EOAC_DISABLE_AAA$EOAC_DYNAMIC$EOAC_DYNAMIC_CLOAKING$EOAC_MAKE_FULLSIC$EOAC_MUTUAL_AUTH$EOAC_NONE$EOAC_NO_CUSTOM_MARSHAL$EOAC_REQUIRE_FULLSIC$EOAC_SECURE_REFS$EOAC_STATIC_CLOAKING$EXTCONN_CALLABLE$EXTCONN_STRONG$EXTCONN_WEAK$Empty$FMTID_DocSummaryInformation$FMTID_SummaryInformation$FMTID_UserDefinedProperties$FUNCFLAG_FBINDABLE$FUNCFLAG_FDEFAULTBIND$FUNCFLAG_FDISPLAYBIND$FUNCFLAG_FHIDDEN$FUNCFLAG_FREQUESTEDIT$FUNCFLAG_FRESTRICTED$FUNCFLAG_FSOURCE$FUNCFLAG_FUSESGETLASTERROR$FUNC_DISPATCH$FUNC_NONVIRTUAL$FUNC_PUREVIRTUAL$FUNC_STATIC$FUNC_VIRTUAL$IDLFLAG_FIN$IDLFLAG_FLCID$IDLFLAG_FOUT$IDLFLAG_FRETVAL$IDLFLAG_NONE$IMPLTYPEFLAG_FDEFAULT$IMPLTYPEFLAG_FRESTRICTED$IMPLTYPEFLAG_FSOURCE$INVOKE_FUNC$INVOKE_PROPERTYGET$INVOKE_PROPERTYPUT$INVOKE_PROPERTYPUTREF$InterfaceNames$MKSYS_ANTIMONIKER$MKSYS_CLASSMONIKER$MKSYS_FILEMONIKER$MKSYS_GENERICCOMPOSITE$MKSYS_ITEMMONIKER$MKSYS_NONE$MKSYS_POINTERMONIKER$MSHCTX_DIFFERENTMACHINE$MSHCTX_INPROC$MSHCTX_LOCAL$MSHCTX_NOSHAREDMEM$MSHLFLAGS_NOPING$MSHLFLAGS_NORMAL$MSHLFLAGS_TABLESTRONG$MSHLFLAGS_TABLEWEAK$Missing$Nothing$PARAMFLAG_FHASDEFAULT$PARAMFLAG_FIN$PARAMFLAG_FLCID$PARAMFLAG_FOPT$PARAMFLAG_FOUT$PARAMFLAG_FRETVAL$PARAMFLAG_NONE$REGCLS_MULTIPLEUSE$REGCLS_MULTI_SEPARATE$REGCLS_SINGLEUSE$REGCLS_SUSPENDED$ROTFLAGS_ALLOWANYCLIENT$ROTFLAGS_REGISTRATIONKEEPSALIVE$RPC_C_AUTHN_DCE_PRIVATE$RPC_C_AUTHN_DCE_PUBLIC$RPC_C_AUTHN_DEC_PUBLIC$RPC_C_AUTHN_DEFAULT$RPC_C_AUTHN_DPA$RPC_C_AUTHN_GSS_KERBEROS$RPC_C_AUTHN_GSS_NEGOTIATE$RPC_C_AUTHN_GSS_SCHANNEL$RPC_C_AUTHN_LEVEL_CALL$RPC_C_AUTHN_LEVEL_CONNECT$RPC_C_AUTHN_LEVEL_DEFAULT$RPC_C_AUTHN_LEVEL_NONE$RPC_C_AUTHN_LEVEL_PKT$RPC_C_AUTHN_LEVEL_PKT_INTEGRITY$RPC_C_AUTHN_LEVEL_PKT_PRIVACY$RPC_C_AUTHN_MQ$RPC_C_AUTHN_MSN$RPC_C_AUTHN_NONE$RPC_C_AUTHN_WINNT$RPC_C_AUTHZ_DCE$RPC_C_AUTHZ_DEFAULT$RPC_C_AUTHZ_NAME$RPC_C_AUTHZ_NONE$RPC_C_IMP_LEVEL_ANONYMOUS$RPC_C_IMP_LEVEL_DEFAULT$RPC_C_IMP_LEVEL_DELEGATE$RPC_C_IMP_LEVEL_IDENTIFY$RPC_C_IMP_LEVEL_IMPERSONATE$STDOLE2_LCID$STDOLE2_MAJORVERNUM$STDOLE2_MINORVERNUM$STDOLE_LCID$STDOLE_MAJORVERNUM$STDOLE_MINORVERNUM$STREAM_SEEK_CUR$STREAM_SEEK_END$STREAM_SEEK_SET$SYS_MAC$SYS_WIN16$SYS_WIN32$ServerInterfaces$TKIND_ALIAS$TKIND_COCLASS$TKIND_DISPATCH$TKIND_ENUM$TKIND_INTERFACE$TKIND_MODULE$TKIND_RECORD$TKIND_UNION$TYMED_ENHMF$TYMED_FILE$TYMED_GDI$TYMED_HGLOBAL$TYMED_ISTORAGE$TYMED_ISTREAM$TYMED_MFPICT$TYMED_NULL$TYPEFLAG_FAGGREGATABLE$TYPEFLAG_FAPPOBJECT$TYPEFLAG_FCANCREATE$TYPEFLAG_FCONTROL$TYPEFLAG_FDISPATCHABLE$TYPEFLAG_FDUAL$TYPEFLAG_FHIDDEN$TYPEFLAG_FLICENSED$TYPEFLAG_FNONEXTENSIBLE$TYPEFLAG_FOLEAUTOMATION$TYPEFLAG_FPREDECLID$TYPEFLAG_FREPLACEABLE$TYPEFLAG_FRESTRICTED$TYPEFLAG_FREVERSEBIND$TypeIIDs$URL_MK_LEGACY$URL_MK_UNIFORM$VARFLAG_FREADONLY$VAR_CONST$VAR_DISPATCH$VAR_PERINSTANCE$VAR_STATIC$VT_ARRAY$VT_BLOB$VT_BLOB_OBJECT$VT_BOOL$VT_BSTR$VT_BSTR_BLOB$VT_BYREF$VT_CARRAY$VT_CF$VT_CLSID$VT_CY$VT_DATE$VT_DECIMAL$VT_DISPATCH$VT_EMPTY$VT_ERROR$VT_FILETIME$VT_HRESULT$VT_I1$VT_I2$VT_I4$VT_I8$VT_ILLEGAL$VT_ILLEGALMASKED$VT_INT$VT_LPSTR$VT_LPWSTR$VT_NULL$VT_PTR$VT_R4$VT_R8$VT_RECORD$VT_RESERVED$VT_SAFEARRAY$VT_STORAGE$VT_STORED_OBJECT$VT_STREAM$VT_STREAMED_OBJECT$VT_TYPEMASK$VT_UI1$VT_UI2$VT_UI4$VT_UI8$VT_UINT$VT_UNKNOWN$VT_USERDEFINED$VT_VARIANT$VT_VECTOR$VT_VOID$_univgw$can't define ole_error$coinit_flags$com_error$dcom$error$fdexNameCaseInsensitive$fdexNameCaseSensitive$fdexNameEnsure$fdexNameImplicit$fdexPropCanCall$fdexPropCanConstruct$fdexPropCanGet$fdexPropCanPut$fdexPropCanPutRef$fdexPropCanSourceEvents$fdexPropCannotCall$fdexPropCannotConstruct$fdexPropCannotGet$fdexPropCannotPut$fdexPropCannotPutRef$fdexPropCannotSourceEvents$fdexPropDynamicType$fdexPropNoSideEffects$frozen$internal_error$ole32.dll$ole_error$pythoncom.internal_error$urlmon.dll
                                                                                                                                                                                                                                                        • API String ID: 1000972437-3953899047
                                                                                                                                                                                                                                                        • Opcode ID: 50b178b6dc7987ebe6360e7943940d86408c5d0eb80b93197e5c57d2a6e1887f
                                                                                                                                                                                                                                                        • Instruction ID: deeb8f721e8af3959aa280defdfd438f93a87f4b0bd387f06fbbb52894b7dbce
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 50b178b6dc7987ebe6360e7943940d86408c5d0eb80b93197e5c57d2a6e1887f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2D23B54B1DF4280FE34ABD6D6B07BC176AAF46BC0F809431D84D37B929F6EA6058742
                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
• Associated: 00000002.00000002.3413103779.00007FFDA35A0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413120619.00007FFDA3623000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413218182.00007FFDA364D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413238640.00007FFDA3652000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413238640.00007FFDA3658000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413238640.00007FFDA3660000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_new$R_set_debug$O_free$D_get_sizeO_memcmpR_clear_last_markR_get_flagsR_set_markX_get0_cipherX_get0_md
                                                                                                                                                                                                                                                        • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
                                                                                                                                                                                                                                                        • API String ID: 2283737721-2781224710
                                                                                                                                                                                                                                                        • Opcode ID: 40243567b0c9e5d0b1d25a9c0806e483eb2da45cb6c3cb4bcf6ca79101e842da
                                                                                                                                                                                                                                                        • Instruction ID: 764d7565e730c087641b3fe395250c3c464e3cc933ab108d8d2e831dd4d909b7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40243567b0c9e5d0b1d25a9c0806e483eb2da45cb6c3cb4bcf6ca79101e842da
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2828C32B0EA8282FB25DB29D4603B92792EF41785F685036DA4D677D7DF3EE5418308

[Figure: Control-flow Graph. Legend: Executed, Not Executed.]
                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
• Associated: 00000002.00000002.3410805377.00007FFD93BF0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410893652.00007FFD93C81000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410911924.00007FFD93C8C000.00000008.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410930367.00007FFD93C8D000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410958266.00007FFD93C96000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd93bf0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_Eval_Object_Thread$D@@@InstanceRestoreSaveStringU_object@@$Dealloc$Arg_ClearCreateDict_FormatFromItemOccurredParseSubclassTuple
                                                                                                                                                                                                                                                        • String ID: OOiO:CoCreateInstance$The Python IID map is invalid - the value is not an interface type object$The Python instance can not be converted to a COM object$The Python object is NULL and no error occurred$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$_oleobj_$argument is not a COM object (got type=%s)
                                                                                                                                                                                                                                                        • API String ID: 490376945-835438780
                                                                                                                                                                                                                                                        • Opcode ID: e0db31c0a3172582a73f09f7ddf91617fb67f09ea01f749cd19af58f17944bb1
                                                                                                                                                                                                                                                        • Instruction ID: 67075d230dbe4d379f5a93c09d1e6eb1f0c8e7f3e5409036c6da3ee19b509307
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e0db31c0a3172582a73f09f7ddf91617fb67f09ea01f749cd19af58f17944bb1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8C1E869B08F8282EE319FE5E86427D63A9FF85B84F455436DA4E67764DF3CE4048340

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                                        • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                                                        • Opcode ID: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
                                                                                                                                                                                                                                                        • Instruction ID: 58dd2ba80dbce8395e45d855a4c0d074b63ba3ff94bdad1ae7dd072854ad1923
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d52c1960cc45de78c26c9f57622ace5a14626686e839aa839f1fc42fe00fc1f1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91328161A28E8251FA1DBB24D45A2B9A771AF4CF60FC44436DA5D432F6EF2CE55CC320
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                                                        • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                                        • Instruction ID: 9e28f6dbed1c0a98924333fb5d748b672a487cfc5098a4c8f175e3712142711a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 68C1D036B28E4285EB18EF69D0966AC7761F749FA8B910235DA1E573A8DF38D019C310
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                        • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                                        • Instruction ID: 458ad79b6f898083fe1769401eae53a4fded3e0317c57a0229e07f52979f8c2b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFF0CD22A28B4186F7649B50B48E776B360EB49B38F840335DA6D01AE4DF3CD04CC700

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412833876.00007FFD9F3C1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FFD9F3C0000, based on PE: true
• Associated: 00000002.00000002.3412815017.00007FFD9F3C0000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3412855086.00007FFD9F3D3000.00000002.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3412872455.00007FFD9F3DE000.00000004.00000001.01000000.00000019.sdmp
• Associated: 00000002.00000002.3412888104.00007FFD9F3E1000.00000002.00000001.01000000.00000019.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd9f3c0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Module_$Constant$AddressProc$Dict_ItemString$HandleLibraryLoadModule$FromLongLong_$CallerCreate2DictEnsure@@Globals_ReadyType_
                                                                                                                                                                                                                                                        • String ID: Advapi32.dll$ChangeDisplaySettingsExW$EnumDisplayDevicesW$EnumDisplayMonitors$EnumDisplaySettingsExW$GetComputerNameExW$GetComputerObjectNameW$GetDllDirectoryW$GetHandleInformation$GetLastInputInfo$GetLongPathNameA$GetLongPathNameW$GetMonitorInfoW$GetNativeSystemInfo$GetSystemFileCacheSize$GetUserNameExW$GlobalMemoryStatusEx$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$NameCanonical$NameCanonicalEx$NameDisplay$NameFullyQualifiedDN$NameSamCompatible$NameServicePrincipal$NameUniqueId$NameUnknown$NameUserPrincipal$PyDISPLAY_DEVICEType$REG_NOTIFY_CHANGE_ATTRIBUTES$REG_NOTIFY_CHANGE_LAST_SET$REG_NOTIFY_CHANGE_NAME$REG_NOTIFY_CHANGE_SECURITY$RegCopyTreeW$RegCreateKeyTransactedW$RegDeleteKeyExW$RegDeleteKeyTransactedW$RegDeleteTreeW$RegOpenCurrentUser$RegOpenKeyTransactedW$RegOverridePredefKey$RegRestoreKeyW$RegSaveKeyExW$STD_ERROR_HANDLE$STD_INPUT_HANDLE$STD_OUTPUT_HANDLE$SetDllDirectoryW$SetHandleInformation$SetSystemFileCacheSize$SetSystemPowerState$VFT_APP$VFT_DLL$VFT_DRV$VFT_FONT$VFT_STATIC_LIB$VFT_UNKNOWN$VFT_VXD$VOS_DOS$VOS_DOS_WINDOWS16$VOS_DOS_WINDOWS32$VOS_NT$VOS_NT_WINDOWS32$VOS_OS216$VOS_OS216_PM16$VOS_OS232$VOS_OS232_PM32$VOS_UNKNOWN$VOS__PM16$VOS__PM32$VOS__WINDOWS16$VOS__WINDOWS32$VS_FF_DEBUG$VS_FF_INFOINFERRED$VS_FF_PATCHED$VS_FF_PRERELEASE$VS_FF_PRIVATEBUILD$VS_FF_SPECIALBUILD$error$kernel32.dll$secur32.dll$user32.dll
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$LongLong_$Object_Size$ClearDeallocFormatOccurredString
                                                                                                                                                                                                                                                        • String ID: Allocating ArgHelpers array$The Python object is invalid$The array of argument types must be a tuple whose size is <= to the number of arguments.$The return type information could not be parsed$not enough arguments (at least 5 needed)$value
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_newR_set_debug$memcpy$L_cleanseO_clear_flagsO_set_flags
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number %d$ssl3_read_bytes

                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$DeallocExceptionMatchesUnicode_$BufferBuffer_ConverterEval_Object_ReleaseStringThread_errno$CheckErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
                                                                                                                                                                                                                                                        • String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path

                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Eval_Thread$Object_RestoreSave$D@@@Err_U_object@@$ActiveArg_ClearDeallocDict_FromItemObjectParseStringSubclassTuple
                                                                                                                                                                                                                                                        • String ID: O:Connect$The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID

                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem.c$state_machine

                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String$CharClearFreeMem_Unicode_Wide
                                                                                                                                                                                                                                                        • String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Only strings and iids can be converted to a CLSID.$value is larger than a DWORD

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFD93C40F55), ref: 00007FFD93C41026
                                                                                                                                                                                                                                                        • LHashValOfNameSys.OLEAUT32 ref: 00007FFD93C4103C
                                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFD93C40F55), ref: 00007FFD93C4107C
                                                                                                                                                                                                                                                        • PyTuple_New.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFD93C40F55), ref: 00007FFD93C410E4
                                                                                                                                                                                                                                                        • PyTuple_New.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFD93C40F55), ref: 00007FFD93C41282
                                                                                                                                                                                                                                                        • PyLong_FromLong.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFD93C40F55), ref: 00007FFD93C41294
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFD93BF4CFC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFD93BF4D3F
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFD93BF4D49
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: GetErrorInfo.OLEAUT32 ref: 00007FFD93BF4D59
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFD93BF4D64
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: PyEval_SaveThread.PYTHON313 ref: 00007FFD93BF4D85
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: PyEval_RestoreThread.PYTHON313 ref: 00007FFD93BF4D9C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: ?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z.PYWINTYPES313 ref: 00007FFD93BF4DBC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: Py_BuildValue.PYTHON313 ref: 00007FFD93BF4DDD
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFD93BF4DF4
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: PyErr_SetObject.PYTHON313 ref: 00007FFD93BF4E07
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFD93BF4CC0: _Py_Dealloc.PYTHON313 ref: 00007FFD93BF4E20
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • The type does not declare a PyCom constructor, xrefs: 00007FFD93C411E4
                                                                                                                                                                                                                                                        • There is no interface object registered that supports this IID, xrefs: 00007FFD93C411A2
                                                                                                                                                                                                                                                        • The Python IID map is invalid - the value is not an interface type object, xrefs: 00007FFD93C411CF
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
• Associated: 00000002.00000002.3410805377.00007FFD93BF0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410893652.00007FFD93C81000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410911924.00007FFD93C8C000.00000008.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410930367.00007FFD93C8D000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410958266.00007FFD93C96000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd93bf0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Eval_Thread$RestoreSave$DeallocFromTuple_$BuildErr_ErrorHashInfoLongLong_NameObjectObject_U_object@@Value
                                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID
                                                                                                                                                                                                                                                        • API String ID: 3698739723-49823770
                                                                                                                                                                                                                                                        • Opcode ID: 5804f62f2bd91cdc706f36869b61dbd82ed5bf92c8980cc4d7a103c0c7ca2645
                                                                                                                                                                                                                                                        • Instruction ID: 4143ed3ae1f96fae832fcd91659d042c7a8b0d3c83609f435431dafa28fbddb2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5804f62f2bd91cdc706f36869b61dbd82ed5bf92c8980cc4d7a103c0c7ca2645
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 52712E22B0DF4282EA749FA5E46827D63A8FF89B94F454035DA8EA7794DF2DE444C700

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Deadline_Err_Eval_O_ctrlThread$CheckInitL_do_handshakeL_get_rbioL_get_wbioR_clear_errorR_peek_last_errorRestoreSaveSignalsStringWeakref_
                                                                                                                                                                                                                                                        • String ID: Underlying socket connection gone$_ssl.c:1003: The handshake operation timed out$_ssl.c:1007: Underlying socket has been closed.$_ssl.c:1011: Underlying socket too large for select().
                                                                                                                                                                                                                                                        • API String ID: 288340648-2389777663
                                                                                                                                                                                                                                                        • Opcode ID: 7265f02c1a542241e3f7e2062acdd0cc4db0a65ef925610e45703ceb09e98bfe
                                                                                                                                                                                                                                                        • Instruction ID: 676ce3c58e9ce19f79c8fb89d495efe411eb3eaae79c8e7c26f529837a0a6cc1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7265f02c1a542241e3f7e2062acdd0cc4db0a65ef925610e45703ceb09e98bfe
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76617231B0AA428AFB60DF22946447923E2FF85B94F982431DD4E67796DF3EE4458348

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
• Associated: 00000002.00000002.3410805377.00007FFD93BF0000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410864735.00007FFD93C4E000.00000002.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410893652.00007FFD93C81000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410911924.00007FFD93C8C000.00000008.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410930367.00007FFD93C8D000.00000004.00000001.01000000.00000018.sdmp
• Associated: 00000002.00000002.3410958266.00007FFD93C96000.00000002.00000001.01000000.00000018.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd93bf0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Eval_Thread$Err_$RestoreSaveString$Arg_ClearD@@@DeallocDict_FromItemObject_ParseTupleU_object@@
                                                                                                                                                                                                                                                        • String ID: The Python IID map is invalid - the value is not an interface type object$The Python object is invalid$The type does not declare a PyCom constructor$There is no interface object registered that supports this IID$|ii:GetTypeInfo
                                                                                                                                                                                                                                                        • API String ID: 2945167311-1333789200
                                                                                                                                                                                                                                                        • Opcode ID: c12a8f3d87f37f9b06d4fb00c08d740b5285eb880e27b4f63054bd0b6c6bdd9d
                                                                                                                                                                                                                                                        • Instruction ID: 597241f39778044d6ed41944223bc090922af48a705f72b774c4bd98c4d7bb91
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c12a8f3d87f37f9b06d4fb00c08d740b5285eb880e27b4f63054bd0b6c6bdd9d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 94515D36B08B4686EA60EFA9F8241AD63A8FB88B94F495431DE8D27754DF3CE445C700

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413027920.00007FFDA3571000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDA3570000, based on PE: true
• Associated: 00000002.00000002.3413010503.00007FFDA3570000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3413049733.00007FFDA3585000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3413068786.00007FFDA358B000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000002.00000002.3413086728.00007FFDA358F000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3570000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                                                                                                                                                                                                        • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                                                                                                                                                                                                        • API String ID: 3630264407-438398067
                                                                                                                                                                                                                                                        • Opcode ID: aea79ed82b41080dcdede2459c0bc734a1ab5dbcbebbb0792b6c7292410103bd
                                                                                                                                                                                                                                                        • Instruction ID: 50498df76875dc839bb08a126160cd30f4b5d85b9f1e3bb92e2f380fa01e873e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: aea79ed82b41080dcdede2459c0bc734a1ab5dbcbebbb0792b6c7292410103bd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 04518571B0EA8682EB169F1AE86427963A2FB45FD5F844830CE4E63756DF3EE045D304

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413103779.00007FFDA35A0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413120619.00007FFDA3623000.00000020.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413218182.00007FFDA364D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3652000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3658000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3660000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_newR_set_debug$L_sk_valueR_clear_errorX509_get0_pubkey
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_post_process_server_certificate
                                                                                                                                                                                                                                                        • API String ID: 2779586248-3767186838
                                                                                                                                                                                                                                                        • Opcode ID: 4b3c939a7b197642555fd03858451e68e0e2822e76a72f073d6beb959d7d97e5
                                                                                                                                                                                                                                                        • Instruction ID: a74e2af42b1fe97469afa448c5b1e2e6f226e70ee68d6e08e22baa11508f4546
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4b3c939a7b197642555fd03858451e68e0e2822e76a72f073d6beb959d7d97e5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC51A061B0A68281F750DB19D4663BD2762EF86B84F4C6031ED0D6B7DBDF2EE5818708

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413103779.00007FFDA35A0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413120619.00007FFDA3623000.00000020.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413218182.00007FFDA364D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3652000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3658000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3660000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_newR_set_debug$ErrorLastO_ctrlO_readO_test_flags
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                                                                                                                                                                                                        • API String ID: 3359833097-4226281315
                                                                                                                                                                                                                                                        • Opcode ID: 8ebe03c6254369f7a723c3bcb68090796815b0d3cdd902c278eaeef658847182
                                                                                                                                                                                                                                                        • Instruction ID: ee516818690a83a2c0faa2918d7860e3ad5ed0a27914fa228059d6211f269fca
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ebe03c6254369f7a723c3bcb68090796815b0d3cdd902c278eaeef658847182
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23A1AF31B0AB9681FB56DF29D9207B92296EF44B84F684131DD4D2BBCADF3ED4458308

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715757F90: _fread_nolock.LIBCMT ref: 00007FF71575803A
                                                                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF715751A1B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF715751B6A), ref: 00007FF71575295E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                                        • Opcode ID: b426b7569fd43417053a9482fb0298cff99dadbc456d732c1d031cb9eee9613e
                                                                                                                                                                                                                                                        • Instruction ID: 1623f6d8500d97f15ce508b92b8c6abf3c46184d4ff88c40aa685badf6eebc07
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b426b7569fd43417053a9482fb0298cff99dadbc456d732c1d031cb9eee9613e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5381C571A18E8686E718FB14E0462F9A3A1AF4CF64FC44531EA8D437A5DF3CE54D8760
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413103779.00007FFDA35A0000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413120619.00007FFDA3623000.00000020.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413218182.00007FFDA364D000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3652000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3658000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413238640.00007FFDA3660000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                                                        • API String ID: 0-3323778802
                                                                                                                                                                                                                                                        • Opcode ID: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
                                                                                                                                                                                                                                                        • Instruction ID: f31a3e08a1ec76c56e3d5cd2873f07e024c40dfcf52bcebd2758f1ef49cdb3f0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB918F31B0B68282F7119F29D4643B92792EF41B48F584136DA0D67BDACF3EE546D348
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dict_$From$DeallocItemStringUnicode_$BuildLongLong_Module_StateValue
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4070576976-0
                                                                                                                                                                                                                                                        • Opcode ID: 2f580570dadecae92c3f8d5133122cd99a9884c04237f7c08c2005058d65d428
                                                                                                                                                                                                                                                        • Instruction ID: 39f46e90813a59fc16240df08110324900d2718a9a90ca0b02a76ade73fbb93e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2f580570dadecae92c3f8d5133122cd99a9884c04237f7c08c2005058d65d428
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9414035B0B743C1FA549F11A82437826A6BF46B85F8C6031CA1D66397EF3EE445C358
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413027920.00007FFDA3571000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDA3570000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3570000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2745024575-0
                                                                                                                                                                                                                                                        • Opcode ID: e3abe80e124aa434e129e5a5323edaca9fc8b80d125148bed174b3bde365830c
                                                                                                                                                                                                                                                        • Instruction ID: 5a79afe5746af4e456da4a365ad1919590415a0ec461786993b41f795fba8a34
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e3abe80e124aa434e129e5a5323edaca9fc8b80d125148bed174b3bde365830c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE711835F0FA028AFA579F6EA97413833A7AF41B54F944934C50E627A3DF2F60459328
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd93bf0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: GlobalLock@@Win_$AcquireAddressCurrentHandleModuleProcReleaseThread
                                                                                                                                                                                                                                                        • String ID: CoInitializeEx$CoInitializeEx failed (0x%08lx)$ole32.dll
                                                                                                                                                                                                                                                        • API String ID: 2699693448-4213856137
                                                                                                                                                                                                                                                        • Opcode ID: 8a952fc43bd525437a0d6f348abac8e58cc68f4b7ebf1dc6150318704ae46fdd
                                                                                                                                                                                                                                                        • Instruction ID: 864ea4b0b24157fa56b19817192d8beaa0de68fa38dc1d5c6c0e80cb5c2fb4d3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8a952fc43bd525437a0d6f348abac8e58cc68f4b7ebf1dc6150318704ae46fdd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02216020F0CE0796F7B09BE2A87827F27BDAF56744F504035C50D662A0EEBDE485A700
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFDA35FF416), ref: 00007FFDA35FF762
                                                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFDA35FF416), ref: 00007FFDA35FF77A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                                                        • API String ID: 193678381-552286378
                                                                                                                                                                                                                                                        • Opcode ID: e5d1fe94fccde403d4ccffd35c49600b4c13cc4e7178492653a3fc2a8d140b00
                                                                                                                                                                                                                                                        • Instruction ID: 9926a3e32826a960c75116eec5ae4937ba399a8f146e42dee089e5fd20026e34
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e5d1fe94fccde403d4ccffd35c49600b4c13cc4e7178492653a3fc2a8d140b00
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CDA18F32B0B68282EB669F69D4643B92362FB40B48F484136D94D67FD6CF3EE945C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_KeywordsObject_SizeTrueUnicode_Unpack
                                                                                                                                                                                                                                                        • String ID: argument 'txt'$embedded null character$str$txt2obj
                                                                                                                                                                                                                                                        • API String ID: 3371007025-2001486153
                                                                                                                                                                                                                                                        • Opcode ID: 2320e4280f1f69ba6e36c6f1d629554bc59a245645e9aff284964197e01a69df
                                                                                                                                                                                                                                                        • Instruction ID: 5be014f251f91314915d936f6c803420613bde1083e87c6dbc6dce1eb815dda0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2320e4280f1f69ba6e36c6f1d629554bc59a245645e9aff284964197e01a69df
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4931B522B0EA4685FA60CB11E4643B52762FF98B90F8C6131DE5E67B96DF3ED045C308
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                        • Opcode ID: 72f99dadd0a2177c1d42b060d7648ca84eb7dddf70f4030becfdb2944091b5e7
                                                                                                                                                                                                                                                        • Instruction ID: b0d2092d73608b7882515d4baf22f346914c7b7a5ddc5594e6f1316aa9ee1411
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72f99dadd0a2177c1d42b060d7648ca84eb7dddf70f4030becfdb2944091b5e7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD417721B18A4285EA18EB22A4465B5E3A1AF4CFA4FC44532ED4D077B5DF3CE54DC760
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                                        • Opcode ID: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
                                                                                                                                                                                                                                                        • Instruction ID: e2d23bdcd13ce99fa414081e68190c3ff2075da278b02426896d912f07418116
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4176682b56444a78b74e0a45c684f191b40491c6c63e868bb09f8baa48a37ad0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B51F422A18E4245E629BB11E4523BAA2A1BF48FA4FC44131EE8D477E5EF3CE44DC750
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF715753804), ref: 00007FF7157536E1
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF715753804), ref: 00007FF7157536EB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF715753706,?,00007FF715753804), ref: 00007FF715752C9E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF715753706,?,00007FF715753804), ref: 00007FF715752D63
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715752C50: MessageBoxW.USER32 ref: 00007FF715752D99
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                                                        • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                        • Instruction ID: c4d71bf10c2763e0040e843a1221c981981e04cb3a3c9c4e6e97007468ef44c9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F216251F28E4245FA28BB20E8563B6A364BF4CB64FC00631E65D865F5EF2CE50CC360
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
• Associated: 00000002.00000002.3410690573.00007FF715750000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410728111.00007FF71577B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF71578E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410748924.00007FF715791000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.3410783363.00007FF715794000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                                                                                                                                                                                        • Instruction ID: 422602cfbf567bf6591091c9953e97bd971fa8f0e9a59770bd9e12cc26855e7e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c3f57b6cd1f658b3a1cfdd45bc75f21d2f6c8be166295f0eb40444005b392bd6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09C1D43290CE8681F668BB1594462BDAB55FB8AFA0FD54231EA4D077A1CF7CE44D8720
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
• Associated: 00000002.00000002.3413103779.00007FFDA35A0000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413120619.00007FFDA3623000.00000020.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413193437.00007FFDA3625000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413218182.00007FFDA364D000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413238640.00007FFDA3652000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413238640.00007FFDA3658000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000002.00000002.3413238640.00007FFDA3660000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                                                                                                                                                                                                        • API String ID: 193678381-2714770296
                                                                                                                                                                                                                                                        • Opcode ID: f45773da2448751231a1ca749fc05bc9d2df97a6a3f744ec35cbeb086fc78321
                                                                                                                                                                                                                                                        • Instruction ID: 20544b953a26492662ac32e3286a7e31b5eced39fbe552e6d9fd761324bc3888
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f45773da2448751231a1ca749fc05bc9d2df97a6a3f744ec35cbeb086fc78321
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83618A32B0978285FB908F25E4643B937A2EB44B48F1C9036DA8D67796DF3ED4618718
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                        • Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                                                                                        • Instruction ID: 421fea98dc5bd6598a7fec6face8bad1549ab8b6cb4dfc55c5332cf0e9a16b49
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F415721A28E8691EA19FB10F4161E9A325FF4CB64FD00132EA5D476B5DF3CE60DC760
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                                                        • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                                                        • Opcode ID: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                                                        • Instruction ID: 578f52fa68c1fba3723e04908f1e5604ca73c5cb7af1fa2b251c3b302d74bf3f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A521D322F0978242FB41AB39E4213B95353EF88B94F5C1231E94D677D7DE2ED5818648
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410823626.00007FFD93BF1000.00000020.00000001.01000000.00000018.sdmp, Offset: 00007FFD93BF0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd93bf0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Bstr@@Object_$Arg_Err_FreeParseStringTupleU_object@@
                                                                                                                                                                                                                                                        • String ID: O|i:Bind$The Python object is invalid
                                                                                                                                                                                                                                                        • API String ID: 3061223275-2584696442
                                                                                                                                                                                                                                                        • Opcode ID: 0d960c27681c90812c89b8f24a092050a8bec021980732a51c3a71dcb4ad7379
                                                                                                                                                                                                                                                        • Instruction ID: 60c71b12e4e60e7e7556d0e47c4aa9bfe93ac0fa7188cc6550085dbbfc76c39b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d960c27681c90812c89b8f24a092050a8bec021980732a51c3a71dcb4ad7379
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15214126B18B5282EE608FA6F86417EE3A4FB88BD0B480436EE4D17B58DF7CD545C700
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • OBJ_txt2obj.LIBCRYPTO-3 ref: 00007FFDA3672280
                                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON313 ref: 00007FFDA3672295
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA36722EA
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA36722FC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA3672307
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: Py_BuildValue.PYTHON313(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA3672335
                                                                                                                                                                                                                                                        • ASN1_OBJECT_free.LIBCRYPTO-3 ref: 00007FFDA36722AC
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313 ref: 00007FFDA3673B7E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BuildErr_FormatJ_nid2lnJ_nid2snJ_obj2nidJ_txt2objModule_StateT_freeValue
                                                                                                                                                                                                                                                        • String ID: unknown object '%.100s'
                                                                                                                                                                                                                                                        • API String ID: 3313133940-3113687063
                                                                                                                                                                                                                                                        • Opcode ID: a3d5c27b3a59ceb3e9b76a6530f941593e8bf70ef6e0805ff994e8b2e3df9fe0
                                                                                                                                                                                                                                                        • Instruction ID: c099c00e5489da4e2260183f373cd0c22e2b2be9e36fe6b61e35b221af5c0b36
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a3d5c27b3a59ceb3e9b76a6530f941593e8bf70ef6e0805ff994e8b2e3df9fe0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1F08611B1AB4281FE04CB67B9740395362AF8CFD0B8CA430DD1E67B56DF2DE0458708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413027920.00007FFDA3571000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDA3570000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc
                                                                                                                                                                                                                                                        • String ID: <module>
                                                                                                                                                                                                                                                        • API String ID: 3617616757-217463007
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1231514297-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1231514297-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00007FF71576A9D5,?,?,00000000,00007FF71576AA8A), ref: 00007FF71576ABC6
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF71576A9D5,?,?,00000000,00007FF71576AA8A), ref: 00007FF71576ABD0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,FFFFFFFF,00000000,?,00007FFDA35FF3FE), ref: 00007FFDA35FEE57
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: M_grow_clean
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 964628749-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_KeywordsUnpack
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: O_ctrl
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413120619.00007FFDA35A1000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFDA35A0000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda35a0000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: O_ctrl
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3605655398-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF715759390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF7157545F4,00000000,00007FF715751985), ref: 00007FF7157593C9
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00007FF715756476,?,00007FF71575336E), ref: 00007FF715758EA2
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2592636585-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF715760C90,?,?,?,00007FF7157622FA,?,?,?,?,?,00007FF715763AE9), ref: 00007FF71576D63A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3410704832.00007FF715751000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF715750000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ff715750000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocDict_$FromItemLongLong_StringX_ctrl
                                                                                                                                                                                                                                                        • String ID: accept$accept_good$accept_renegotiate$cache_full$connect$connect_good$connect_renegotiate$hits$misses$number$timeouts
                                                                                                                                                                                                                                                        • API String ID: 3804526530-4076585280
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _PyObject_GC_New.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C012
                                                                                                                                                                                                                                                        • ERR_clear_error.LIBCRYPTO-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C055
                                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C05B
                                                                                                                                                                                                                                                        • SSL_new.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C067
                                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C074
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C091
                                                                                                                                                                                                                                                        • SSL_set_session_id_context.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C0C1
                                                                                                                                                                                                                                                        • SSL_get0_param.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C0CB
                                                                                                                                                                                                                                                        • X509_VERIFY_PARAM_set_hostflags.LIBCRYPTO-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C0D8
                                                                                                                                                                                                                                                        • SSL_set_ex_data.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C0E7
                                                                                                                                                                                                                                                        • SSL_set_fd.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C0FA
                                                                                                                                                                                                                                                        • BIO_up_ref.LIBCRYPTO-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C10E
                                                                                                                                                                                                                                                        • BIO_up_ref.LIBCRYPTO-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C120
                                                                                                                                                                                                                                                        • SSL_set_bio.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C132
                                                                                                                                                                                                                                                        • SSL_ctrl.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C14C
                                                                                                                                                                                                                                                        • SSL_get_verify_mode.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C160
                                                                                                                                                                                                                                                        • SSL_set_verify.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C177
                                                                                                                                                                                                                                                        • SSL_set_post_handshake_auth.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C181
                                                                                                                                                                                                                                                        • SSL_get_rbio.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C1AE
                                                                                                                                                                                                                                                        • BIO_ctrl.LIBCRYPTO-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C1C3
                                                                                                                                                                                                                                                        • SSL_get_wbio.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C1CD
                                                                                                                                                                                                                                                        • BIO_ctrl.LIBCRYPTO-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C1DE
                                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C1E4
                                                                                                                                                                                                                                                        • SSL_set_connect_state.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C1F5
                                                                                                                                                                                                                                                        • SSL_set_accept_state.LIBSSL-3(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C1FD
                                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C206
                                                                                                                                                                                                                                                        • PyWeakref_NewRef.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C219
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C267
                                                                                                                                                                                                                                                        • PyObject_GC_Track.PYTHON313(?,?,00007FFD947961F0,?,?,?,00000000,00007FFDA3677459), ref: 00007FFDA367C29E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Eval_Thread$DeallocO_ctrlO_up_refObject_RestoreSave$L_ctrlL_get0_paramL_get_rbioL_get_verify_modeL_get_wbioL_newL_set_accept_stateL_set_bioL_set_connect_stateL_set_ex_dataL_set_fdL_set_post_handshake_authL_set_session_id_contextL_set_verifyM_set_hostflagsR_clear_errorTrackWeakref_X509_
                                                                                                                                                                                                                                                        • String ID: Cannot create a client socket with a PROTOCOL_TLS_SERVER context$Cannot create a server socket with a PROTOCOL_TLS_CLIENT context$Python
                                                                                                                                                                                                                                                        • API String ID: 2682668916-1888807747
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Tuple$Arg_Err_Parse$Sequence_malloc$ClearReferenceString$AllocateCheckCopyDeallocInitializeLengthSizememset
                                                                                                                                                                                                                                                        • String ID: (bbbbbb)O:SID$AllocateAndInitializeSid$SID buffer size beyond INT_MAX$s#:SID$sub authorities must be a sequence of integers.$sub authorities sequence size must be <= 8$|llllllll:SID$|n:SID
                                                                                                                                                                                                                                                        • API String ID: 2352083970-3682999398
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorSecurityfree$DaclErr_String$Arg_GroupLengthOwnerParseTupleValid
                                                                                                                                                                                                                                                        • String ID: SetSecurityDescriptorDacl$The object is not a PyACL object$iOi:SetSecurityDescriptorDacl
                                                                                                                                                                                                                                                        • API String ID: 1359849467-4100764314
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3672358: OBJ_obj2txt.LIBCRYPTO-3 ref: 00007FFDA367239D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3672358: PyUnicode_FromStringAndSize.PYTHON313 ref: 00007FFDA36723C3
                                                                                                                                                                                                                                                        • ASN1_STRING_type.LIBCRYPTO-3(?,?,?,?,?,?,00000000,00007FFDA36752B1), ref: 00007FFDA3675420
                                                                                                                                                                                                                                                        • ASN1_STRING_length.LIBCRYPTO-3(?,?,?,?,?,?,00000000,00007FFDA36752B1), ref: 00007FFDA367542E
                                                                                                                                                                                                                                                        • ASN1_STRING_get0_data.LIBCRYPTO-3(?,?,?,?,?,?,00000000,00007FFDA36752B1), ref: 00007FFDA367543A
                                                                                                                                                                                                                                                        • Py_BuildValue.PYTHON313(?,?,?,?,?,?,00000000,00007FFDA36752B1), ref: 00007FFDA3675450
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3676750: ERR_peek_last_error.LIBCRYPTO-3 ref: 00007FFDA3676768
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3676750: ERR_clear_error.LIBCRYPTO-3 ref: 00007FFDA3676791
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BuildFromG_get0_dataG_lengthG_typeJ_obj2txtR_clear_errorR_peek_last_errorSizeStringUnicode_Value
                                                                                                                                                                                                                                                        • String ID: D:\a\1\s\Modules\_ssl.c$Ns#$Ny#
                                                                                                                                                                                                                                                        • API String ID: 3688187681-3706530764
                                                                                                                                                                                                                                                        • Opcode ID: a56e385dd9f82a97b731b3bd318fa4146ccdbce11f56f854f3cbde2209290979
                                                                                                                                                                                                                                                        • Instruction ID: 7d29b6ff1b5d17339dd4ddfe77deb1fb8e47fcdf719ba7b2edddf0d5a069f1cc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a56e385dd9f82a97b731b3bd318fa4146ccdbce11f56f854f3cbde2209290979
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB21B461B1E74282FB108B12A5643796352AF45BC5F8C6430DE0E67B5BEF3DE0458718
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                                                                        • Opcode ID: a77b7a5226053fc0ebc07969f81f816b5156b1559ac007c1bd8a292e365ebe04
                                                                                                                                                                                                                                                        • Instruction ID: 48809fd3388df1505a8892dc6a952f204740b36d663c432e193c099d371a67bf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a77b7a5226053fc0ebc07969f81f816b5156b1559ac007c1bd8a292e365ebe04
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9731B47270AB8186EB658FA9E8603ED7362FB84744F40403ADA4E57B95DF3DD248C718
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                                                                                                        • Opcode ID: 8e86fcbda8d44a87da12ad3cbe0ff2274eff02410a8037cee209cf92a2e866f6
                                                                                                                                                                                                                                                        • Instruction ID: 5f99acd5d558959b9931b21ca51331ed90805f4a79ed4d31213d99595a8606ad
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e86fcbda8d44a87da12ad3cbe0ff2274eff02410a8037cee209cf92a2e866f6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50316D72709B8186FB608F60E8503ED7365FB84708F88543ADA4E67B99EF39C548C714
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ReadyType_$Dict_String$DeallocItem$State_SwapThread$ErrorFatalFuncImport$AllocCapsule_DecodeFlagsImport_LocalModuleRun_Unicode_Value
                                                                                                                                                                                                                                                        • String ID: Exception$Out of memory allocating thread state.$PyWinInterpreterState_Ensure$__builtins__$__name__$builtins$class error(Exception): def __init__(self, *args, **kw): nargs = len(args) if nargs > 0: self.winerror = args[0] else: self.winerror = None if nargs > 1: self.funcname = args[1] else: self.funcname = None if nargs > 2: self.strerror =$com_error$datetime.datetime_CAPI$error$ignore$pywintypes$pywintypes: can not setup interpreter state, as current state is invalid
                                                                                                                                                                                                                                                        • API String ID: 3484552599-1312685011
                                                                                                                                                                                                                                                        • Opcode ID: 3e559cf5b5cfc2f2b8ba3100ed33c113d64749a0116b8bc114fdaa9902568029
                                                                                                                                                                                                                                                        • Instruction ID: 930bf9e3ad9c4f0218b5d0b35132b94dcb323f32b4a8816126b9246d0788046c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e559cf5b5cfc2f2b8ba3100ed33c113d64749a0116b8bc114fdaa9902568029
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36A1B734F1AB0281EA0A8B2DE97427927A3BF44B95F444535C91F627A2EF3EF5158708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dict_String$Item$ReadyType_$State_SwapThread$Module_$ErrorFatalFunc$AllocConstantCreate2DeallocDecodeDictErr_LocalUnicode_Value
                                                                                                                                                                                                                                                        • String ID: ACLType$Could not initialise the error objects$DEVMODEType$DEVMODEWType$FALSE$HANDLEType$IIDType$OVERLAPPEDType$SECURITY_ATTRIBUTESType$SECURITY_DESCRIPTORType$SIDType$TRUE$TimeType$WAVEFORMATEXType$WAVE_FORMAT_PCM$com_error$error
                                                                                                                                                                                                                                                        • API String ID: 2302314715-313003814
                                                                                                                                                                                                                                                        • Opcode ID: de223336d6068828db36fb0dc1bb87c70e4bd450320daeffceca65b23cb5c0d5
                                                                                                                                                                                                                                                        • Instruction ID: 91f4cce5d18871d262c5452ee1e9016b8d781d7d6e3de96ab9e290642863f885
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de223336d6068828db36fb0dc1bb87c70e4bd450320daeffceca65b23cb5c0d5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D391BF60F1AB0291EA068B2DE8741743693AF517A0F940632D42F637F2DF7FF9598648
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$ImportImport_Module$FreeMem__wcsdup
                                                                                                                                                                                                                                                        • String ID: <Error getting traceback - cStringIO.StringIO() failed>$<Error getting traceback - can't find cStringIO.StringIO>$<Error getting traceback - can't find getvalue function>$<Error getting traceback - can't find traceback.print_exception>$<Error getting traceback - can't import cStringIO>$<Error getting traceback - can't import traceback>$<Error getting traceback - can't make print_exception arguments>$<Error getting traceback - getvalue() did not return a string>$<Error getting traceback - getvalue() failed.>$<Error getting traceback - traceback.print_exception() failed>$<NULL!!>$Getting WCHAR string$None is not a valid string in this context$OOOOOi$Objects of type '%s' can not be converted to Unicode.$StringIO$getvalue$print_exception$traceback
                                                                                                                                                                                                                                                        • API String ID: 2735870070-3599414692
                                                                                                                                                                                                                                                        • Opcode ID: 0043d422bc0162b250e8750caf090f3e3b7605d422a7505aa728d4c321d93bbf
                                                                                                                                                                                                                                                        • Instruction ID: e4f74ca2cddb772896e7c02bf688620c574d7ec2aa12558e0b6ed11635c414fc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0043d422bc0162b250e8750caf090f3e3b7605d422a7505aa728d4c321d93bbf
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C2A1F621F0BB4281EE5B8B1AA87827827A3BF54B85F445431D90E66796EF3EF504C34C
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyType_GetModuleByDef.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677AF4
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677B16
                                                                                                                                                                                                                                                        • TLS_server_method.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677B6D
                                                                                                                                                                                                                                                        • TLS_client_method.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677B78
                                                                                                                                                                                                                                                        • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677B97
                                                                                                                                                                                                                                                        • TLSv1_2_method.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677BA6
                                                                                                                                                                                                                                                        • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677BC2
                                                                                                                                                                                                                                                        • TLSv1_1_method.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677BD1
                                                                                                                                                                                                                                                        • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677BED
                                                                                                                                                                                                                                                        • TLSv1_method.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677BFC
                                                                                                                                                                                                                                                        • PyErr_WarnEx.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677C18
                                                                                                                                                                                                                                                        • TLS_method.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677C27
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677C49
                                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677C54
                                                                                                                                                                                                                                                        • SSL_CTX_new.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677C60
                                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677C6C
                                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677C7A
                                                                                                                                                                                                                                                        • SSL_CTX_free.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677CB1
                                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677CE1
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677D25
                                                                                                                                                                                                                                                        • SSL_CTX_set_options.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677D4C
                                                                                                                                                                                                                                                        • SSL_CTX_set_cipher_list.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677D67
                                                                                                                                                                                                                                                        • ERR_clear_error.LIBCRYPTO-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677D71
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677D86
                                                                                                                                                                                                                                                        • SSL_CTX_ctrl.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677DAF
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677DCD
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677DE1
                                                                                                                                                                                                                                                        • ERR_clear_error.LIBCRYPTO-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677DE7
                                                                                                                                                                                                                                                        • SSL_CTX_ctrl.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677E01
                                                                                                                                                                                                                                                        • SSL_CTX_get0_param.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677E0B
                                                                                                                                                                                                                                                        • X509_VERIFY_PARAM_set_flags.LIBCRYPTO-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677E1C
                                                                                                                                                                                                                                                        • X509_VERIFY_PARAM_set_hostflags.LIBCRYPTO-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677E28
                                                                                                                                                                                                                                                        • SSL_CTX_set_post_handshake_auth.LIBSSL-3(?,?,?,?,00000000,00007FFDA36770DB), ref: 00007FFDA3677E38
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Warn$DeallocEval_FormatModule_R_clear_errorStateStringThreadX509_X_ctrl$M_set_flagsM_set_hostflagsModuleRestoreS_client_methodS_methodS_server_methodSaveSv1_1_methodSv1_2_methodSv1_methodType_X_freeX_get0_paramX_newX_set_cipher_listX_set_optionsX_set_post_handshake_auth
                                                                                                                                                                                                                                                        • String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$Cannot find internal module state$Failed to set minimum protocol 0x%x$HIGH:!aNULL:!eNULL$No cipher can be selected.$invalid or unsupported protocol version %i$ssl.PROTOCOL_TLS is deprecated$ssl.PROTOCOL_TLSv1 is deprecated$ssl.PROTOCOL_TLSv1_1 is deprecated$ssl.PROTOCOL_TLSv1_2 is deprecated
                                                                                                                                                                                                                                                        • API String ID: 2858978057-3426422906
                                                                                                                                                                                                                                                        • Opcode ID: 48bebc18205c76d80cab5c4d01de1e3ce84cc258928a9eb230b2610426a1f973
                                                                                                                                                                                                                                                        • Instruction ID: 03fa866f89f34f4d32df770a5b2b66b404691458e425336ac701c45cdf518d32
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 48bebc18205c76d80cab5c4d01de1e3ce84cc258928a9eb230b2610426a1f973
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 97A16335B0AA0283FA549F25E97807837A2FF45B94F986531C91E67762DF3EE458C308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$DeallocR_clear_errorStringUnicode_X_set_default_passwd_cbX_set_default_passwd_cb_userdata$ConverterEval_ExceptionFreeMatchesMem_Thread_errno$Callable_CheckErrnoFormatFromR_peek_last_errorRestoreSaveX_get_default_passwd_cbX_get_default_passwd_cb_userdataX_use_certificate_chain_file
                                                                                                                                                                                                                                                        • String ID: certfile should be a valid filesystem path$keyfile should be a valid filesystem path$password should be a string or callable
                                                                                                                                                                                                                                                        • API String ID: 1360066414-998072137
                                                                                                                                                                                                                                                        • Opcode ID: d7c8620c3b1db992069c4994a0da7375102a158a8bd939964995283b44567453
                                                                                                                                                                                                                                                        • Instruction ID: 5d790e93217b6b8b08fac3c42f3fd8336f8a771d4e6bf47e705ecf2c631faa54
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7c8620c3b1db992069c4994a0da7375102a158a8bd939964995283b44567453
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8FA11F35B0AA42C6FB109F61E8640792772FF44B59B9C6431CD0E67B56DF3EE8598308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Module_$ObjectWith$Err_Exception$Dealloc$BasesFromPackSpecStateTuple_Type_
                                                                                                                                                                                                                                                        • String ID: A certificate could not be verified.$Non-blocking SSL socket needs to read more databefore the requested operation can be completed.$Non-blocking SSL socket needs to write more databefore the requested operation can be completed.$SSL/TLS connection terminated abruptly.$SSL/TLS session closed cleanly.$SSLCertVerificationError$SSLEOFError$SSLError$SSLSyscallError$SSLWantReadError$SSLWantWriteError$SSLZeroReturnError$System error when attempting SSL operation.$ssl.SSLCertVerificationError$ssl.SSLEOFError$ssl.SSLSyscallError$ssl.SSLWantReadError$ssl.SSLWantWriteError$ssl.SSLZeroReturnError
                                                                                                                                                                                                                                                        • API String ID: 2091157252-1330971811
                                                                                                                                                                                                                                                        • Opcode ID: 85c8ea0a4b1603a364a6c51d8a05ef5ffe5e52dbd55a1fbedf1c68b2a8ea180a
                                                                                                                                                                                                                                                        • Instruction ID: 8e14ec46f864f348fcff936ce1c671fd600b53565e87f2d951610877ef213c9f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 85c8ea0a4b1603a364a6c51d8a05ef5ffe5e52dbd55a1fbedf1c68b2a8ea180a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76512F71B0AB4381FB109F15F87456527A7BF09B84B987036C90D6BB66EF2EE158C348
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetExplicitEntriesFromAclW.ADVAPI32 ref: 00007FFDA3542623
                                                                                                                                                                                                                                                        • PyTuple_New.PYTHON313 ref: 00007FFDA3542651
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FFDA35426FB
                                                                                                                                                                                                                                                        • Py_BuildValue.PYTHON313 ref: 00007FFDA354287C
                                                                                                                                                                                                                                                        • PyTuple_SetItem.PYTHON313 ref: 00007FFDA3542890
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00007FFDA3542908
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BuildErr_FreeLocalTuple_Value$DecodeEntriesErrorExplicitFormatFromItemLastMessageObjectStringUnicode_
                                                                                                                                                                                                                                                        • String ID: AccessMode$AccessPermissions$GetExplicitEntriesFromAcl$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                        • API String ID: 1576682769-3224252679
                                                                                                                                                                                                                                                        • Opcode ID: 5a51bc5ec4fdc2f2b2449b67a7b18b879f8b3dee29234ec28016f6faf2fd6655
                                                                                                                                                                                                                                                        • Instruction ID: b131e4b6819a81b3c67ca6a482e9ef54fa15c0b2c0e3101445e58c707e2612ae
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a51bc5ec4fdc2f2b2449b67a7b18b879f8b3dee29234ec28016f6faf2fd6655
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 02915D35B0AB4286EA26CF19F46026977A2FB44B90F444035CA4E63B66DF3EF549C708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Dealloc$String$LongNumber_Object_$ArgumentAttrBuildCallCheckClearFormatLong_ObjectOccurredSubtypeType_Value_mktime64
                                                                                                                                                                                                                                                        • String ID: (d)$Objects of type '%s' can not be used as a time object$iiiiiiiii|i$mktime argument out of range$timetuple$year out of range
                                                                                                                                                                                                                                                        • API String ID: 3975405178-3179837657
                                                                                                                                                                                                                                                        • Opcode ID: 3ef851e5d06e54bdc5a790e60f5679cb7fcdb0b9f7579482d87791eaca5b7d75
                                                                                                                                                                                                                                                        • Instruction ID: abdc169efdbcea8e25bd5da1d0635ab07705c814fa7d97654ccf3a4e949d1c48
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ef851e5d06e54bdc5a790e60f5679cb7fcdb0b9f7579482d87791eaca5b7d75
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 81A15F32F0AB4285EB9A8F29D4602B933A2EF44B94F444135D94E66756EF3EF584C708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressProc$CriticalSection$AllocDeleteFreeHandleInitializeLibraryLoadModule
                                                                                                                                                                                                                                                        • String ID: AddAccessAllowedAce$AddAccessAllowedAceEx$AddAccessAllowedObjectAce$AddAccessDeniedAce$AddAccessDeniedAceEx$AddAccessDeniedObjectAce$AddAuditAccessAceEx$AddAuditAccessObjectAce$AddMandatoryAce$AdvAPI32.dll$SetSecurityDescriptorControl
                                                                                                                                                                                                                                                        • API String ID: 3842108915-2689366622
                                                                                                                                                                                                                                                        • Opcode ID: 57473d222362ce1a73b4be061c9170d604a9f0b2407b316df202a6e5a26e742f
                                                                                                                                                                                                                                                        • Instruction ID: 2f57934d0f60ff1727cdeabadba289f009f504dbe429edfe667118c8351b88a6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57473d222362ce1a73b4be061c9170d604a9f0b2407b316df202a6e5a26e742f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9517725F0AB4695FE46DB1DFCB557437A2AF48B91B481035C80EA2362DF3EF6648348
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Err_Sequence_String$Arg_FreeParseTuple$CheckEntriesItemKeywordsLocalMem_SizeTuple_freemallocmemset
                                                                                                                                                                                                                                                        • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$O:SetEntriesInAcl$Parm must be a list of EXPLICIT_ACCESS dictionaries$SetEntriesInAcl$SetEntriesInAcl: unable to allocate EXPLICIT_ACCESS_W$lllO
                                                                                                                                                                                                                                                        • API String ID: 1438466550-1140684800
                                                                                                                                                                                                                                                        • Opcode ID: acf0275f699249ee3a72eaa94773bbe7f7b2b370675f5fc8c16df187906dc64b
                                                                                                                                                                                                                                                        • Instruction ID: f58fa934d6ccffc45d206c44bb687b2407518b6a6cc2a7dd9b42e6b66c023a45
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: acf0275f699249ee3a72eaa94773bbe7f7b2b370675f5fc8c16df187906dc64b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E816032B4AB8285EB168F2AE86427937A6FF85B84F144031DA4F57B16DF3EE544C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String$Buffer_FormatFromRelease$Arg_BufferCharFreeMem_Object_ParseProgReferenceTupleUnicode_Widemalloc
                                                                                                                                                                                                                                                        • String ID: <NULL!!>$Buffer cannot be None$Buffer length can be at most %d characters$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$O|i$string too small - must be at least %d bytes (got %d)
                                                                                                                                                                                                                                                        • API String ID: 4105764891-2902820477
                                                                                                                                                                                                                                                        • Opcode ID: 617d2196de1cec3ed8d6d8ab3add72d5df5a5d96e77225db4f40206af1f54af4
                                                                                                                                                                                                                                                        • Instruction ID: b9709e8ef1b8608958234c7195db2ca8a341815feaf08042d3a3720833c4d0f7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 617d2196de1cec3ed8d6d8ab3add72d5df5a5d96e77225db4f40206af1f54af4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F081F721F0AB42C5EB16CF69D4642B827A3AB84B84F444435DA0F67B56DF3EF648C348
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$DescriptorSecurity$String$Arg_Buffer_ParseReleaseTuplefreemalloc$BufferClearControlDeallocFormatInitializeLengthObject_OccurredReferenceValid
                                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters$Data is not a valid security descriptor$O:SECURITY_DESCRIPTOR$Security descriptor created from a buffer must be self relative$Security descriptors are not supported on this platform$|l:SECURITY_DESCRIPTOR
                                                                                                                                                                                                                                                        • API String ID: 929864077-2729865943
                                                                                                                                                                                                                                                        • Opcode ID: 907e45069e2a562dd984d1ee0477dffeda1de1be7776d16703d8a25f67731b20
                                                                                                                                                                                                                                                        • Instruction ID: 59b8cd848d13377fc10ca543b0371d8cb5123aaa419c11049f10e18a73e4521c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 907e45069e2a562dd984d1ee0477dffeda1de1be7776d16703d8a25f67731b20
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB611621F0AB4281EE5A8F19E9A027823A3FB84B80F444035D95F67B66DF3EF545C748
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AbsoluteErr_FormatMakemallocmemset
                                                                                                                                                                                                                                                        • String ID: ($MakeAbsoluteSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                                        • API String ID: 1436552674-2130869594
                                                                                                                                                                                                                                                        • Opcode ID: 817e4bd11004b34f0d9ee0657aa47416c8f7398feaa8474a98fd3fe14e7fbdd3
                                                                                                                                                                                                                                                        • Instruction ID: b6c00a8e9187b86ca17d96db1692b0e3adef902fd7021ae2540d95db4114b81b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 817e4bd11004b34f0d9ee0657aa47416c8f7398feaa8474a98fd3fe14e7fbdd3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E818431F06B4286EB568F6AE8606B937A2FB48B98F044035DD1E63B55EF3EE544C704
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BuildErr_StringValue$CharFromUnicode_Wide
                                                                                                                                                                                                                                                        • String ID: AccessMode$AccessPermissions$Identifier$Inheritance$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$Trustee$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}${s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                        • API String ID: 4150572817-4268317626
                                                                                                                                                                                                                                                        • Opcode ID: c98c665ab8a0a4017fd0a264350303892bf8c1112e9847fedee4e5de0a27f4e9
                                                                                                                                                                                                                                                        • Instruction ID: 3204d9ac89adedeac67f2202101d6971fe6499980e4852a96bc1600cceaf2180
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c98c665ab8a0a4017fd0a264350303892bf8c1112e9847fedee4e5de0a27f4e9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45516A35B0AB4286EB268F1DF46006937A2FB48B90F144135DA4E63B66DF3EF545C708
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Format$AccessAuditObjectfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                                        • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessObjectAce$AddAuditAccessObjectAce not supported by this version of Windows$AddAuditAccessObjectAce: unable to allocated %d bytes$PyACL::AddAuditAccessObjectAce$The object is not a PySID object$lllOOOii:AddAuditAccessObjectAce
                                                                                                                                                                                                                                                        • API String ID: 282185603-1609464327
                                                                                                                                                                                                                                                        • Opcode ID: 26eaf46bba8aa332da59d73b146c913fc64544bd534984a4cf7e3efad4388a83
                                                                                                                                                                                                                                                        • Instruction ID: 34e2ab5e29d27cb3526056d212551de11404fdafa8eda240b49dcc0111525d62
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26eaf46bba8aa332da59d73b146c913fc64544bd534984a4cf7e3efad4388a83
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8814D21B1AA0286EB16CF59E8601B973B2FB44B84F440035ED4E63BA5DF3DE519C748
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Arg_FormatParseStringTuple
                                                                                                                                                                                                                                                        • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAceEx$AddAuditAccessAceEx not supported by this version of Windows$AddAuditAccessAceEx: unable to allocated %d bytes$PyACL::AddAuditAccessAceEx$The object is not a PySID object$lllOii:AddAuditAccessAceEx
                                                                                                                                                                                                                                                        • API String ID: 901859003-3541680958
                                                                                                                                                                                                                                                        • Opcode ID: dd1c56f6490d01056c0aa620be259863251a6bb8c3dca21ebab00ade8506534f
                                                                                                                                                                                                                                                        • Instruction ID: 538b25e3f9f1a2a578949517a0779de34f44a8c1074f01bb04bf05571d1a6d86
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dd1c56f6490d01056c0aa620be259863251a6bb8c3dca21ebab00ade8506534f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 84617431B1A74282DB55CF59E46027977A2FB84B84F044031EA4E63B66DF3EE519CB04
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocList_$X509_$AppendTuple$Y_set$E_entry_countE_get_entryY_get_dataY_get_object
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: R_clear_errorR_peek_last_error$E_add_certErr_M_read_bio_O_ctrlO_freeO_new_mem_bufStringX509X509_X509_bioX509_freeX_get_cert_storeX_get_default_passwd_cbX_get_default_passwd_cb_userdatad2i_
                                                                                                                                                                                                                                                        • String ID: Can't allocate buffer$Certificate data is too long.$Empty certificate data$no start line: cadata does not contain a certificate$not enough data: cadata does not contain a certificate
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$DeallocFormatString$CharFreeMem_Sequence_TupleUnicode_Widefreemallocmemset
                                                                                                                                                                                                                                                        • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$Sequence can contain at most %d items$Unable to allocate %d bytes
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$AccessAuditFormatfree$Arg_ErrorLastLengthParseStringTuplemallocmemcpymemset
                                                                                                                                                                                                                                                        • String ID: %s: adding ACE would put ACL over size limit$AddAuditAccessAce$AddAuditAccessAce: unable to allocated %d bytes$PyACL::AddAuditAccessAce$The object is not a PySID object$llOii:AddAuditAccessAce
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Deadline_Eval_O_ctrlThread$Err_InitL_get_rbioL_get_wbioL_set_read_aheadL_shutdownRestoreSaveStringWeakref_
                                                                                                                                                                                                                                                        • String ID: B$The read operation timed out$The write operation timed out$Underlying socket connection gone$Underlying socket too large for select().
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: free$DescriptorSecurity$Err_Group$Arg_DaclFormatOwnerParseSaclStringTupleValidmalloc
                                                                                                                                                                                                                                                        • String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorGroup$SetSecurityDescriptorGroup - invalid sid$The object is not a PySID object
                                                                                                                                                                                                                                                        • API String ID: 1524979833-2851344522
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: String$Err_$CharUnicode_Wide
• String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$FormName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 3849944921-358745228
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: String$Err_$CharUnicode_Wide
• String ID: <NULL!!>$Attributes of PyDEVMODEW can't be deleted$DeviceName must be a string of length %d or less$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 3849944921-3701856451
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Err_$Buffer_CharFormatFromReleaseUnicode_Wide$Arg_BufferBuildDeallocMessageObjectObject_ParseStringTupleValuewsprintf
• String ID: Buffer cannot be None$Buffer length can be at most %d characters$COM Error 0x%x$iNzz
• API String ID: 2036073046-2401320735
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: DeallocErr_State_$Releasememcpy$Arg_ArgsCallClearDecodeEnsureFunctionL_get_ex_dataObject_OccurredParseTupleUnicode_UnraisableWrite
• String ID: strict$z#y#
• API String ID: 311804506-2662034392
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: DescriptorSecurityfree$Err_SaclString$Arg_DaclGroupLengthOwnerParseTupleValid
• String ID: SetSecurityDescriptorSacl$The object is not a PyACL object$iOi:SetSacl
• API String ID: 1467358711-1973599164
                                                                                                                                                                                                                                                        • Opcode ID: ca031ff84b3ac6ab0230af49dea1aa47d77822ddcdcf60e7dd2b298a8373459c
                                                                                                                                                                                                                                                        • Instruction ID: d2ec79c9f841d669df0939fd37fad988d0d705dc2cc0d40c23075a2da17561d0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca031ff84b3ac6ab0230af49dea1aa47d77822ddcdcf60e7dd2b298a8373459c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33515F22F0AB4285FF5A9F69D8605B827A3BF44B84B444032DE1E67B56DF3EE545C308
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorSecurityfree$Err_OwnerString$Arg_DaclGroupLengthParseSaclTupleValid
                                                                                                                                                                                                                                                        • String ID: Oi:SetSecurityDescriptorOwner$SetSecurityDescriptorOwner$The object is not a PySID object
                                                                                                                                                                                                                                                        • API String ID: 965136164-2833774516
                                                                                                                                                                                                                                                        • Opcode ID: 7271bdf78a4c65457abcfe2ff72261ddf3eb67bcd4a8f1aaaa12165b7929d36e
                                                                                                                                                                                                                                                        • Instruction ID: cd5693535c2525324dd077e6104488719e4feebefdaa15424f51d837f020a81e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7271bdf78a4c65457abcfe2ff72261ddf3eb67bcd4a8f1aaaa12165b7929d36e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 76515122B0A70285EF5A9F69E8602B827A3BF44BC8B444432DD1F67B55DF3EE545C344
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                                        • String ID: Identifier must be PySID object when TrusteeForm = TRUSTEE_IS_SID$Identifier must be string/unicode when TrusteeForm = TRUSTEE_IS_NAME$Invalid value for TrusteeForm$The object is not a PySID object$Trustee must be a dictionary containing {MultipleTrustee,MultipleTrusteeOperation,TrusteeForm,TrusteeType,Identifier}$TrusteeForm not yet supported$llO|Ol
                                                                                                                                                                                                                                                        • API String ID: 959004690-581804069
                                                                                                                                                                                                                                                        • Opcode ID: e030765481a492b5f1dc0f46928bb67b82f3b6325f49a21945abdc45f2321e45
                                                                                                                                                                                                                                                        • Instruction ID: d1268044e95b003fd096784c53d48017f1e03ec781559c914e10c858d936d1a8
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e030765481a492b5f1dc0f46928bb67b82f3b6325f49a21945abdc45f2321e45
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD518E36B0AB8281EB268F19F46417973A7FB88790F444031CA8E57B26DF3EE545C748
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Buffer_ClearFormatFreeMem_ReleaseString$BufferCharLong_Object_OccurredUnicode_VoidWide
                                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters$WPARAM must be a unicode string, int, or buffer object (got %s)
                                                                                                                                                                                                                                                        • API String ID: 3109676845-3026970096
                                                                                                                                                                                                                                                        • Opcode ID: 638ec2c64d05b181e127cebc01ccb3966a1312f7bc25013f476e672dd9a6040d
                                                                                                                                                                                                                                                        • Instruction ID: 41c92f6bf191ab792c31cdff0bbe267cdd49a343f246db441de381a86afa9ca1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 638ec2c64d05b181e127cebc01ccb3966a1312f7bc25013f476e672dd9a6040d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB512321F0AB4281EF5A8F5DE46423867A2FF48B84F484031DA4E57B56DF3EE594C748
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String$BuildCharFromUnicode_ValueWide
                                                                                                                                                                                                                                                        • String ID: Identifier$Invalid value for TrusteeForm$MultipleTrustee$MultipleTrusteeOperation$TrusteeForm$TrusteeForm not yet supported$TrusteeType${s:O,s:l,s:l,s:l,s:N}
                                                                                                                                                                                                                                                        • API String ID: 2305401427-1816636059
                                                                                                                                                                                                                                                        • Opcode ID: 11424eade5fed42f9f58899388f0ccfc8f6636113c6dcc90c7ab34a3f4ba7640
                                                                                                                                                                                                                                                        • Instruction ID: 9fff346694330f46ccb673f62269ceba3b073dfd06897c5e8672eb7917f4d24a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11424eade5fed42f9f58899388f0ccfc8f6636113c6dcc90c7ab34a3f4ba7640
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 36419D35B0AB4286EB568F1DF86026973A2FB44B90F144131CA4E63B66DF3EF185C748
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocList_$L_sk_numS_free$Size$AppendFromJ_obj2nidL_sk_valueStringTupleUnicode_X509_get_ext_d2i
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 230305477-0
                                                                                                                                                                                                                                                        • Opcode ID: 5f4787f238d784b37eba2f6d2076294fc9d45f18871587789bbf7c08a8189ad0
                                                                                                                                                                                                                                                        • Instruction ID: e22be87f1457ef70eddf0a3bb5c704cd362b32a3550e6db1a731b2a643115bb4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5f4787f238d784b37eba2f6d2076294fc9d45f18871587789bbf7c08a8189ad0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0413321F0B64682FA549F22E97433923A2AF44F95F8C6474CE0E67756EF7EE4458308
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Authority$CountErrorIdentifierLastValid
                                                                                                                                                                                                                                                        • String ID: %lu$-%lu$0x%02hx%02hx%02hx%02hx%02hx%02hx$S-%lu-
                                                                                                                                                                                                                                                        • API String ID: 228009767-531523367
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
• String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 1531658785-4125661472
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: String$Err_$AllocBytes_CharTaskWide$ByteFormatFreeMem_MultiSizeUnicode_memcpy
• String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 1531658785-4125661472
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Item$Sequence_$DeallocDict_Err_Mapping_SizeTuple_$CheckClearItemsString
• String ID: Object must be a mapping (dictionary, class instance, etc$__dict__
• API String ID: 581612630-910247860
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: L_sk_numX509_$BuildE_lockErr_L_sk_pop_freeL_sk_valueStringT_get_typeValueX_get_cert_store
• String ID: crl$failed to query cert store$x509$x509_ca${sisisi}
• API String ID: 2783361091-466295505
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: Module_$BuildFromOpenValue$L_versionL_version_numLongLong_StringUnicode_Unsigned
• String ID: IIIII$OPENSSL_VERSION$OPENSSL_VERSION_INFO$OPENSSL_VERSION_NUMBER$_OPENSSL_API_VERSION
• API String ID: 2199365590-595941748
                                                                                                                                                                                                                                                        • Opcode ID: 5d847c3aa5937299440ca4f194db71bda3ca08f796674df5844a2f2570db2675
                                                                                                                                                                                                                                                        • Instruction ID: ee55286433e7e3b209031aa7aaa58e845f5c01285a68ce0a5607a7d6af7592b6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d847c3aa5937299440ca4f194db71bda3ca08f796674df5844a2f2570db2675
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6121E461F1A71382FB108B61F8645293762FF45BC4BC82536C90E6BB66EF7EE1488704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313 ref: 00007FFDA35430A6
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FFDA354310D
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00007FFDA3543174
                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32 ref: 00007FFDA3543190
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313 ref: 00007FFDA35431BB
                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA35431CB
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313 ref: 00007FFDA35431F0
                                                                                                                                                                                                                                                        • memset.VCRUNTIME140 ref: 00007FFDA3543203
                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140 ref: 00007FFDA3543213
                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA3543278
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Format$ErrorLast$BuildDecodeFreeLengthLocalMessageObjectStringUnicode_Valuefreemallocmemcpymemset
                                                                                                                                                                                                                                                        • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                                        • API String ID: 2123223808-1709335586
                                                                                                                                                                                                                                                        • Opcode ID: 23f19527f0bff15d9e74990f0f1674cade0e525a7b8c2d2658d9cfa4f814197a
                                                                                                                                                                                                                                                        • Instruction ID: 9dbe6db21c2c81530aeb63ffdb15fc13d928a1e3a5730ce68a2e79cd34dd05be
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23f19527f0bff15d9e74990f0f1674cade0e525a7b8c2d2658d9cfa4f814197a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD61A721B1E74281EF269B1AE86027967A3BF88BC4F444031ED4E57B66DF3DE515C708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Long$FromLong_Unsigned$BuildValue
                                                                                                                                                                                                                                                        • String ID: OtherOperationCount$OtherTransferCount$ReadOperationCount$ReadTransferCount$WriteOperationCount$WriteTransferCount${s:N,s:N,s:N,s:N,s:N,s:N}
                                                                                                                                                                                                                                                        • API String ID: 3891383402-408589094
                                                                                                                                                                                                                                                        • Opcode ID: 4ee5e6750fb859370a58b46a6f2f982fc0eabf7e348b4551c1477cedafe3e123
                                                                                                                                                                                                                                                        • Instruction ID: 4ca711e52716ad6b93f69afac59fb577bc98b4692a20495454026991fe85b58a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ee5e6750fb859370a58b46a6f2f982fc0eabf7e348b4551c1477cedafe3e123
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0213936A0AB4282DA01CF55F89445977B5FB88BD1B520132EE9E53725EF3EE145CB04
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                                        • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                                        • API String ID: 1450464846-1709335586
                                                                                                                                                                                                                                                        • Opcode ID: a1e77c7967686f55aa96d559abd8a6b890d2a3f689a11bfbc787306795e293e7
                                                                                                                                                                                                                                                        • Instruction ID: 5abb6feb38dc68392d0981cf38e69f499360e7bc3eb9758b0644cc10f35e0a41
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1e77c7967686f55aa96d559abd8a6b890d2a3f689a11bfbc787306795e293e7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E516425B0EB5281EB1A9B1AF86013A77A3BF84FC4F444031DD4E67B66DE3EE5058708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String
                                                                                                                                                                                                                                                        • String ID: %s not supported by this version of Windows$%s: adding ACE would put ACL over size limit$%s: unable to allocated %d bytes$The object is not a PySID object
                                                                                                                                                                                                                                                        • API String ID: 1450464846-1709335586
                                                                                                                                                                                                                                                        • Opcode ID: acd72d126dd04e3d366b3d57bba94e5d2814d11e261c2ab172a574c504a94f1b
                                                                                                                                                                                                                                                        • Instruction ID: 867d0f87513b9d969bc208c46a58ea59996990f25cab03c032fe5572e19a20c4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: acd72d126dd04e3d366b3d57bba94e5d2814d11e261c2ab172a574c504a94f1b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F519025F0A75282EA1A9B5BB87003977A3BF85FC4F444031DD4E67BA6DE3EE5458308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • IsValidSecurityDescriptor.ADVAPI32(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA3547960
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354797B
                                                                                                                                                                                                                                                        • GetSecurityDescriptorLength.ADVAPI32(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA3547996
                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA35479A4
                                                                                                                                                                                                                                                        • MakeSelfRelativeSD.ADVAPI32(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA35479BD
                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA35479CE
                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA35479DE
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313(?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA3547A02
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorErr_Securitymalloc$FormatLengthMakeRelativeSelfStringValidfree
                                                                                                                                                                                                                                                        • String ID: Invalid Security descriptor$MakeSelfRelativeSD$Unable to allocate %d bytes
                                                                                                                                                                                                                                                        • API String ID: 1101611553-2210018374
                                                                                                                                                                                                                                                        • Opcode ID: ac73de6e39ddeed083d98a8888cc15b10e7ce052d5d07b96d89372fbc4ae9b04
                                                                                                                                                                                                                                                        • Instruction ID: ae8763e79a9fd88ea08729a54f3f8d15fb7d8f6e7e8e5eca10b97e12960fe1a4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ac73de6e39ddeed083d98a8888cc15b10e7ce052d5d07b96d89372fbc4ae9b04
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6316821F1AB4182EF458B2AF46423963A2FF88B84F444031DA5F57759DF3EE5458708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_Formatmalloc
                                                                                                                                                                                                                                                        • String ID: Ace type %d is not supported yet$Error reordering ACL: Unable to allocate acl of size %d$ReorderACL
                                                                                                                                                                                                                                                        • API String ID: 1659041409-545600788
                                                                                                                                                                                                                                                        • Opcode ID: 80076816f9a1870518144f9e70f1a9ffdbb8e573a704e52155d4e8cf1921dfc3
                                                                                                                                                                                                                                                        • Instruction ID: bb8d15ccc4d7cf99e0430f9df1662f817794ada49c5011cb057952eed6f90f02
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 80076816f9a1870518144f9e70f1a9ffdbb8e573a704e52155d4e8cf1921dfc3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B51C661F0D79281E7268F2AA42027ABBA3FB85F80F545035DD8E63B56CE3EE145C744
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocErr_StringUnicode_
                                                                                                                                                                                                                                                        • String ID: Internal$InternalHigh$The object is not a PyHANDLE object$can't delete OVERLAPPED attributes$hEvent
                                                                                                                                                                                                                                                        • API String ID: 3427960318-2811562281
                                                                                                                                                                                                                                                        • Opcode ID: 6f9bae75d1a21e5200ff923e5a1191e3a43b0791db843c6bce82305bf55956a3
                                                                                                                                                                                                                                                        • Instruction ID: 2e3f17b435d80c15754e6cc94403db7eb5ccd8284c903c38bb0ce3a7e927d47d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6f9bae75d1a21e5200ff923e5a1191e3a43b0791db843c6bce82305bf55956a3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3515261B0EB4281EA9A8B2EE46027963A3FF45B84F144131DA4E67796DF3EF5548308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • X509_get_ext_d2i.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675B83
                                                                                                                                                                                                                                                        • PyList_New.PYTHON313(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675B9F
                                                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675BB7
                                                                                                                                                                                                                                                        • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675BCB
                                                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675BE3
                                                                                                                                                                                                                                                        • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675BF3
                                                                                                                                                                                                                                                        • PyUnicode_FromStringAndSize.PYTHON313(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C09
                                                                                                                                                                                                                                                        • PyList_Append.PYTHON313(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C1D
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C33
                                                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C44
                                                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C55
                                                                                                                                                                                                                                                        • PyList_AsTuple.PYTHON313(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C6D
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C8D
                                                                                                                                                                                                                                                        • CRL_DIST_POINTS_free.LIBCRYPTO-3(?,?,00000000,00007FFDA3675974), ref: 00007FFDA3675C96
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: L_sk_num$List_$DeallocL_sk_value$AppendFromS_freeSizeStringTupleUnicode_X509_get_ext_d2i
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3668485020-0
                                                                                                                                                                                                                                                        • Opcode ID: d903ec9832bbd2f6dd33dbfaa78e45da9855e2f592df6336c9e26f94e30de93d
                                                                                                                                                                                                                                                        • Instruction ID: 09e3ab0bcc5862ec325455136a5d4a8f7720fbf67c3ae15d2fa8f48aa0925fbc
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d903ec9832bbd2f6dd33dbfaa78e45da9855e2f592df6336c9e26f94e30de93d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D414431B0BA0685FA549F22A9743352362BF45F95F8C6474CE0F26756DF3EE4498308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String$FormatUnicode_
                                                                                                                                                                                                                                                        • String ID: Expected 'bytes', got '%s'$None is not a valid string in this context$value is larger than a DWORD
                                                                                                                                                                                                                                                        • API String ID: 744494611-3495899980
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: String$Err_$FreeMem_$AllocCharFormatUnicode_Wide
• String ID: <NULL!!>$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
• API String ID: 2830890580-4125661472
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: String$Bytes_D_bytesErr_FromSize
• String ID: (ks)$num must be positive
• API String ID: 574210595-3708576348
APIs
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: Mem_$CertEnhancedFreeSet_Usage$DeallocErr_ErrorFromFrozenLastMallocMemoryStringUnicode_
• String ID:
• API String ID: 2458427691-0
APIs
• GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
• FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
• PyUnicode_FromWideChar.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C549
• PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
• Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
• LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
• PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
• _Py_Dealloc.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5BE
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Unicode_$BuildCharDeallocDecodeErr_ErrorFormatFreeFromLastLocalMessageObjectValueWide
• String ID: (iNN)$No error message is available$ignore
• API String ID: 3492665310-37674240
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Arg_FormatParseStringWarnX_ctrl
                                                                                                                                                                                                                                                        • String ID: The context's protocol doesn't support modification of highest and lowest version.$Unsupported TLS/SSL version 0x%x$Unsupported protocol version 0x%x$ssl.TLSVersion.SSLv3 is deprecated$ssl.TLSVersion.TLSv1 is deprecated$ssl.TLSVersion.TLSv1_1 is deprecated
                                                                                                                                                                                                                                                        • API String ID: 3279334173-3879554506
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String$DeallocMem_$FormatFreeMallocUnicode_memcpy
                                                                                                                                                                                                                                                        • String ID: password cannot be longer than %d bytes$unable to allocate password buffer
                                                                                                                                                                                                                                                        • API String ID: 1570515377-2395793021
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_Long$Occurred$DeallocLong_$ClearFormatNumber_Unsigned
                                                                                                                                                                                                                                                        • String ID: Unable to convert %s to pointer-sized value
                                                                                                                                                                                                                                                        • API String ID: 1465853305-2431006615
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: State_SwapThread$ErrorFatalFunc$AllocLocalValue
                                                                                                                                                                                                                                                        • String ID: Out of memory allocating thread state.$PyWinInterpreterState_Ensure$pywintypes: can not setup interpreter state, as current state is invalid
                                                                                                                                                                                                                                                        • API String ID: 4234957216-1490924957
                                                                                                                                                                                                                                                        APIs
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Eval_H_freeThread_errno$Err_ErrnoFilenameFromHparamsM_read_ObjectPy_fopen_objR_clear_errorRestoreSaveWithX_ctrlfclose
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1346594628-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFDA354CACD
                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFDA354CAFF
                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFDA354CB32
                                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON313 ref: 00007FFDA354CB6B
                                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON313 ref: 00007FFDA354CB78
                                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON313 ref: 00007FFDA354CB85
                                                                                                                                                                                                                                                        • PyLong_FromUnsignedLong.PYTHON313 ref: 00007FFDA354CB92
                                                                                                                                                                                                                                                        • Py_BuildValue.PYTHON313 ref: 00007FFDA354CBD0
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354A400: PyObject_GetAttrString.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFDA3549C6D), ref: 00007FFDA354A444
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354A400: _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFDA3549C6D), ref: 00007FFDA354A4A8
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Time$FromLongLong_Unsigned$FileSystem$BuildValue$AttrDeallocDecodeErr_ErrorFormatFreeLastLocalMessageObjectObject_StringUnicode_
                                                                                                                                                                                                                                                        • String ID: FileTimeToSystemTime$lNNNNNNNuu
                                                                                                                                                                                                                                                        • API String ID: 3509019891-4021486075
                                                                                                                                                                                                                                                        • Opcode ID: e012cac86467e09425fc3eb86c788589e93cbae2027880d1750f8e61441089dd
                                                                                                                                                                                                                                                        • Instruction ID: de367b49a8a1792145af6e2ed2a69c28637ae2719bfd6f31232c27066f9212bf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e012cac86467e09425fc3eb86c788589e93cbae2027880d1750f8e61441089dd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D41C136B0AB4191EB12DB19F8645AA73A6FB88784F814032DE8E53756DF3DF146C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: String$Err_$CharUnicode_Wide
                                                                                                                                                                                                                                                        • String ID: <NULL!!>$Getting WCHAR string$None is not a valid string in this context$Objects of type '%s' can not be converted to Unicode.$value is larger than a DWORD
                                                                                                                                                                                                                                                        • API String ID: 3849944921-1275048830
                                                                                                                                                                                                                                                        • Opcode ID: b0e8982cd879d59a9668f92adfe5365474881f42431a1bc4517e5c5527a76195
                                                                                                                                                                                                                                                        • Instruction ID: ac50510ebb45ceca300bb7374f7663cca03d5b48accadab3613fc01629c4d797
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b0e8982cd879d59a9668f92adfe5365474881f42431a1bc4517e5c5527a76195
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F315031B0EB4282EF56CF5EF4A012867A2FB88BC4F444031DA4E67B66DF2EE5448744
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$ClearDeallocObject_String$AttrCallCallable_CheckObject
                                                                                                                                                                                                                                                        • String ID: Expected a socket object or numeric socket handle$fileno
                                                                                                                                                                                                                                                        • API String ID: 994754094-511972153
                                                                                                                                                                                                                                                        • Opcode ID: 7b3fa4a733cc4a24dd089f9560dc52097b810a406d96155e0d7f2db213339288
                                                                                                                                                                                                                                                        • Instruction ID: 3aef656e5440fd0a66dc691bdd910e8580a2cb50701e52504b5700ce08353bf9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b3fa4a733cc4a24dd089f9560dc52097b810a406d96155e0d7f2db213339288
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD216231F0A64291EF468F6AE96423967A3AF85BD0F084031DA0F67756EF3EF5408708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocEval_Thread$Err_FormatSave$ArgsCallObject_RestoreStringUnicode_memcpy
                                                                                                                                                                                                                                                        • String ID: password callback must return a string$password cannot be longer than %d bytes
                                                                                                                                                                                                                                                        • API String ID: 1551476282-1265974473
                                                                                                                                                                                                                                                        • Opcode ID: 451fe9cc037ae4ca0a52fdb4c774a51eb6ad11dc906b9a496bd4567f73c984d8
                                                                                                                                                                                                                                                        • Instruction ID: ee0aca2e356161c4cda96db3039ae4103c7e15908fe6b8ec6a3921acb1828baf
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 451fe9cc037ae4ca0a52fdb4c774a51eb6ad11dc906b9a496bd4567f73c984d8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C211A31F0AA42C6FA549B21E96417823B2FB44B95F8C6431DA1E63796CF3EE854C748
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Object_$AttrCallImportImport_MethodModuleStringTuple_
                                                                                                                                                                                                                                                        • String ID: TimeZoneInfo$utc$win32timezone
                                                                                                                                                                                                                                                        • API String ID: 4031171350-3909237026
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ArgumentErr_SizeStringUnicode_
                                                                                                                                                                                                                                                        • String ID: No cipher can be selected.$argument$embedded null character$set_ciphers$str
                                                                                                                                                                                                                                                        • API String ID: 4155279725-2765033273
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$DeallocFormatStringfreemalloc
                                                                                                                                                                                                                                                        • String ID: Sequence of dwords cannot be None$Unable to allocate %d bytes
                                                                                                                                                                                                                                                        • API String ID: 3558336878-651347692
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFatalFuncValue$AllocLocalState_Thread
                                                                                                                                                                                                                                                        • String ID: Can not setup thread state, as have no interpreter state$Out of memory allocating thread state.$PyWinThreadState_Ensure
                                                                                                                                                                                                                                                        • API String ID: 1925565299-3250566352
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FromInternStringUnicode_$Module_State
                                                                                                                                                                                                                                                        • String ID: library$reason$verify_code$verify_message
                                                                                                                                                                                                                                                        • API String ID: 1970222510-435783180
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 190073905-0
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: Callable_CheckDeallocErr_R_clear_errorR_peek_last_errorStringX_set_psk_server_callbackX_use_psk_identity_hint
• String ID: Cannot add PSK server callback to a PROTOCOL_TLS_CLIENT context$callback must be callable$failed to set identity hint
• API String ID: 2313049127-1396254157
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Buffer_Err_Release$BufferFormatFreeMem_Object_String
• String ID: Buffer cannot be None$Buffer length can be at most %d characters
• API String ID: 1675121998-686265896
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: Err_L_is_init_finishedL_set_sessionN_freeString
• String ID: Cannot set session after handshake.$Cannot set session for server-side SSLSocket.$Session refers to a different SSLContext.$Value is not a SSLSession.
• API String ID: 2514955158-3160731334
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: Err_Long$Arg_Long_OccurredParseUnsignedWarnX_clear_optionsX_get_optionsX_set_options
• String ID: ssl.OP_NO_SSL*/ssl.OP_NO_TLS* options are deprecated
• API String ID: 2438043060-2795599882
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
• String ID: argument 'store_name'$embedded null character$enum_certificates$str
• API String ID: 2966986319-2881692381
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_$ArgumentErr_KeywordsSizeStringUnicode_Unpack
                                                                                                                                                                                                                                                        • String ID: argument 'store_name'$embedded null character$enum_crls$str
                                                                                                                                                                                                                                                        • API String ID: 2966986319-2641223161
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocObject_$AttrBuildCallSizeStringTuple_Value
                                                                                                                                                                                                                                                        • String ID: (s)$strftime
                                                                                                                                                                                                                                                        • API String ID: 4125559156-1254993691
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • SSL_is_init_finished.LIBSSL-3(?,?,00000000,00007FFDA3679796), ref: 00007FFDA36797D0
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313(?,?,00000000,00007FFDA3679796), ref: 00007FFDA36797EB
                                                                                                                                                                                                                                                        • SSL_get1_peer_certificate.LIBSSL-3(?,?,00000000,00007FFDA3679796), ref: 00007FFDA36797F9
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_L_get1_peer_certificateL_is_init_finishedString
                                                                                                                                                                                                                                                        • String ID: handshake not done yet
                                                                                                                                                                                                                                                        • API String ID: 1333720006-2620869922
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                        • String ID: (ii)$:GetSecurityDescriptorControl$GetSecurityDescriptorControl$GetSecurityDescriptorControl - invalid sd
                                                                                                                                                                                                                                                        • API String ID: 1292091245-2499011972
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 349153199-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: L_sk_num$DeallocFromL_get_ciphersL_get_client_ciphersL_sk_findL_sk_valueList_LongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1361062010-0
                                                                                                                                                                                                                                                        • Opcode ID: 4f2b3bef921491daf3ea2ab79f14d545e63694236941bf4e1b89b9a0533f4308
                                                                                                                                                                                                                                                        • Instruction ID: c9bf50c017f4eded8fc802028fb3c0efb58604f3065c268b02e6aed6f6002161
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f2b3bef921491daf3ea2ab79f14d545e63694236941bf4e1b89b9a0533f4308
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C218221B1BB0285FA559F12A96453932D2AF44FD5F8C2434CD0E56396EF3EE4458348
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: L_sk_num$L_freeL_get_ciphersL_newL_sk_valueList_R_clear_errorR_peek_last_error
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 722909353-0
                                                                                                                                                                                                                                                        • Opcode ID: 8396214c4882a56f0fae0f7fc67bfd013babba7491e12d419a084fc45d29b7b4
                                                                                                                                                                                                                                                        • Instruction ID: fd7e3f4c5ff8dbf2e1f96a303d7d4d5822372ae88ec7a0c39eb7193395ba5f81
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8396214c4882a56f0fae0f7fc67bfd013babba7491e12d419a084fc45d29b7b4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2421B321F0BB4286FA04DF66A8340B96392BF84B85F8D2430DD4E63356EF7EE1458308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocErr_StringUnicode_strcmp
                                                                                                                                                                                                                                                        • String ID: SECURITY_DESCRIPTOR$The object is not a PySECURITY_DESCRIPTOR object$can't delete SECURITY_ATTRIBUTES attributes
                                                                                                                                                                                                                                                        • API String ID: 2499284733-1426751177
                                                                                                                                                                                                                                                        • Opcode ID: 67049ca7dcf50a80a15f7371c299508b5eda7be6bbffd79b9bab495011e33978
                                                                                                                                                                                                                                                        • Instruction ID: 380e9c030dfe4d12384ef3e198bc19cb7700a6838e6855135ba0c9be93f29733
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 67049ca7dcf50a80a15f7371c299508b5eda7be6bbffd79b9bab495011e33978
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 23213431F1EB5281EE5A8F6AE46013863A2FB44BC4F484131EA1E67B56DF3DF5518708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}, xrefs: 00007FFDA35423C2
                                                                                                                                                                                                                                                        • lllO, xrefs: 00007FFDA3542384
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Arg_Err_KeywordsParseStringTupleTuple_
                                                                                                                                                                                                                                                        • String ID: EXPLICIT_ACCESS must be a dictionary containing {AccessPermissions:int,AccessMode:int,Inheritance:int,Trustee:<o PyTRUSTEE>}$lllO
                                                                                                                                                                                                                                                        • API String ID: 959004690-1584370844
                                                                                                                                                                                                                                                        • Opcode ID: 40621dbdd1e1618c9ed3fe52cc1117dbd46a93d7919a77fe4b0fca76490f5cd3
                                                                                                                                                                                                                                                        • Instruction ID: 0b8e1d0606bd3b095161bf0ed94a49820e84f1e35815cc98ac3d740da29441f1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40621dbdd1e1618c9ed3fe52cc1117dbd46a93d7919a77fe4b0fca76490f5cd3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 12314D72F0DB8682EB099F19F45026973A2FB84B84F044131EA8E13B56EF7DE594C748
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FFDA3545AC8
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEC5
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CED3
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEE1
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEF0
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEFB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF04
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF13
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF2C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Format.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF4B
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FFDA3545B09
                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32 ref: 00007FFDA3545B1C
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Long$Occurred$Long_String$ClearCloseDeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                                        • String ID: HANDLE must be a PyHKEY$PyHKEY$RegCloseKey$The object is not a PyHANDLE object
                                                                                                                                                                                                                                                        • API String ID: 3516211060-2695813183
                                                                                                                                                                                                                                                        • Opcode ID: 0c5216022337286ed9870b41cdd036d90f6bfea009756c59fba8a0f1fd48fc4d
                                                                                                                                                                                                                                                        • Instruction ID: c675826a1da3c3a429bf72a4ef5add11d1862e12860c11dbcccd16f2e62cb8ca
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0c5216022337286ed9870b41cdd036d90f6bfea009756c59fba8a0f1fd48fc4d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4921B521B1AA42C1EF468F2AE4B007963A3EB84BC4F441031DA0F57762DF2EE589C304
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • LARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFDA354650E
                                                                                                                                                                                                                                                        • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFDA35464D1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleWarn
                                                                                                                                                                                                                                                        • String ID: LARGE_INTEGER must be 'int', or '(int, int)'$Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead
                                                                                                                                                                                                                                                        • API String ID: 3944559157-3919795897
                                                                                                                                                                                                                                                        • Opcode ID: 28b8025bfafdb96d4bfd2a0ca2c1a4757072f5f8cd4f8e2994eeed24b2e5cec3
                                                                                                                                                                                                                                                        • Instruction ID: c9048d96b6b6678156172ceabd71fed8b4a1da74b6502bb7fb209b481cbf500c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28b8025bfafdb96d4bfd2a0ca2c1a4757072f5f8cd4f8e2994eeed24b2e5cec3
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FA21CE21B0AB4281EB518F1EF4902296762FB88BD8F444131EB9E53769DE3EE585C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Buffer_Err_Release$BufferFormatObject_String
                                                                                                                                                                                                                                                        • String ID: Buffer cannot be None$Buffer length can be at most %d characters
                                                                                                                                                                                                                                                        • API String ID: 1670810688-686265896
                                                                                                                                                                                                                                                        • Opcode ID: b8068afb17dceacaa5a51a8d99800dcb7b56c81bac3d0113414031d6818f4ca7
                                                                                                                                                                                                                                                        • Instruction ID: 2ba9118c594e0c4ea01afc600246028a9523fbe7dae638aab9487081e629bbf6
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8068afb17dceacaa5a51a8d99800dcb7b56c81bac3d0113414031d6818f4ca7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08212831B0BB4680EB568F19E460238A3A3EB44B94F184431D94E57B9ADE7EF5808788
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • ULARGE_INTEGER must be 'int', or '(int, int)', xrefs: 00007FFDA35465DA
                                                                                                                                                                                                                                                        • Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead, xrefs: 00007FFDA35465FE
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Long$Arg_Long_OccurredParseStringTupleUnsignedWarn
                                                                                                                                                                                                                                                        • String ID: Support for passing 2 integers to create a 64bit value is deprecated - pass a long instead$ULARGE_INTEGER must be 'int', or '(int, int)'
                                                                                                                                                                                                                                                        • API String ID: 507489655-1767028231
                                                                                                                                                                                                                                                        • Opcode ID: 01d08b6a7bdc53fd350f74aed6df4b248a7441d7d16c80b61a1c5fffd659387c
                                                                                                                                                                                                                                                        • Instruction ID: 8836f4ffba7cf3d98c628315b0cbe7a32fa747212b290200868820ba2ce60865
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01d08b6a7bdc53fd350f74aed6df4b248a7441d7d16c80b61a1c5fffd659387c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3721C221B09B4281EF418F5EF49026963A2FF887D4F845131EA6E4779ADE3EE594C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_$CheckErr_KeywordsLong_ModuleModule_OccurredPositionalStateType_
                                                                                                                                                                                                                                                        • String ID: _SSLContext
                                                                                                                                                                                                                                                        • API String ID: 3264916389-1468230856
                                                                                                                                                                                                                                                        • Opcode ID: 987a8b73833f867488729d6e38bb227978c0df7791cda1cd7699adc4e07a767e
                                                                                                                                                                                                                                                        • Instruction ID: 959c1996afdf0540d386dc56f93d236cc19bdf00e577eee62a8826a7f9749f18
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 987a8b73833f867488729d6e38bb227978c0df7791cda1cd7699adc4e07a767e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EE21A561B0AB4282FA508B22E8641B563A2FF48FD0F9C6431DD5D67756DF7FE4858308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: E_print_exErr_O_freeO_newO_s_memStringX509_
                                                                                                                                                                                                                                                        • String ID: failed to allocate BIO$strict
                                                                                                                                                                                                                                                        • API String ID: 220268057-2811890329
                                                                                                                                                                                                                                                        • Opcode ID: 45d9a39df6a1ebb40e44180eac2f81db80ffa4c90534aa3307a75c1a238b5011
                                                                                                                                                                                                                                                        • Instruction ID: 59a66a112cad71eff5a3351f9014b1684ea1639e69e7790019c8d6ffb9d2a2f2
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45d9a39df6a1ebb40e44180eac2f81db80ffa4c90534aa3307a75c1a238b5011
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F115421B0AA4282F6509B16B8241396362BF89FD4F8C6031DD5D67B26DF3EE0458748
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_String$Bytes_FormatSize
                                                                                                                                                                                                                                                        • String ID: Attributes of PyDEVMODEW can't be deleted$Length of DriverData cannot be longer that DriverExtra (%d bytes)
                                                                                                                                                                                                                                                        • API String ID: 1818008259-1897733207
                                                                                                                                                                                                                                                        • Opcode ID: a5819ef29f43b57301ff4610e968360216c56eb932ab9b6083dcd6627cabfeef
                                                                                                                                                                                                                                                        • Instruction ID: 63af16d7c2270c0bf8773e8785f4925f604ca33ae909c09fddabfe92f158f7e0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5819ef29f43b57301ff4610e968360216c56eb932ab9b6083dcd6627cabfeef
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8911C6A1F0AB0281DF058B2DD8610792763EF84BE0B041231D92F577B5EF2EE495C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BuildErr_FormatFromJ_nid2lnJ_nid2snJ_obj2nidJ_obj2txtSizeStringUnicode_Value
                                                                                                                                                                                                                                                        • String ID: Unknown object$issN
                                                                                                                                                                                                                                                        • API String ID: 2277031989-847857892
                                                                                                                                                                                                                                                        • Opcode ID: 42d544a5f2839ee0200b4fe2f75c4c601cb5a853b30f8e01e6d47e3f2ee2f612
                                                                                                                                                                                                                                                        • Instruction ID: 672c98d30da9939fed0c95ab5d85c1c3dad84035208250b94a76125f2a1e7a1d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 42d544a5f2839ee0200b4fe2f75c4c601cb5a853b30f8e01e6d47e3f2ee2f612
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 66118E25B09B4281FA008B22F82406977A6FB88FD4B9C1435DE4DA7766CF3EE1058348
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313(?,?,00000000,00007FFDA367B02D), ref: 00007FFDA367B06D
                                                                                                                                                                                                                                                        • OBJ_nid2obj.LIBCRYPTO-3(?,?,00000000,00007FFDA367B02D), ref: 00007FFDA367B079
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313(?,?,00000000,00007FFDA367B02D), ref: 00007FFDA367B09B
                                                                                                                                                                                                                                                        • PyModule_GetState.PYTHON313(?,?,00000000,00007FFDA367B02D), ref: 00007FFDA367B0A6
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: OBJ_obj2nid.LIBCRYPTO-3(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA36722EA
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: OBJ_nid2sn.LIBCRYPTO-3(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA36722FC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: OBJ_nid2ln.LIBCRYPTO-3(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA3672307
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA36722C8: Py_BuildValue.PYTHON313(?,?,?,?,?,00007FFDA36722A6), ref: 00007FFDA3672335
                                                                                                                                                                                                                                                        • ASN1_OBJECT_free.LIBCRYPTO-3(?,?,00000000,00007FFDA367B02D), ref: 00007FFDA367B0BD
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$BuildFormatJ_nid2lnJ_nid2objJ_nid2snJ_obj2nidModule_StateStringT_freeValue
                                                                                                                                                                                                                                                        • String ID: NID must be positive.$unknown NID %i
                                                                                                                                                                                                                                                        • API String ID: 1079357630-2656559464
                                                                                                                                                                                                                                                        • Opcode ID: d8c9c2db7b88e3514f31857551da2f2394f72a9ee13964bb6130a15aada5b37e
                                                                                                                                                                                                                                                        • Instruction ID: 88bec86e4c6aab6c128965337844fabcc4532e9a34e7ae6672b60d3b75595709
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d8c9c2db7b88e3514f31857551da2f2394f72a9ee13964bb6130a15aada5b37e
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B014414B0EA4282FE04CB16E5740386362BF8CFD4B886434D91E67B66EF6EE4458308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_O_ctrlO_freeO_newO_s_memO_set_flagsString
                                                                                                                                                                                                                                                        • String ID: failed to allocate BIO
                                                                                                                                                                                                                                                        • API String ID: 68942223-3472608418
                                                                                                                                                                                                                                                        • Opcode ID: c6033ec318cdf6af549f8bf24f9750b080f66e7010b115b7e21bf31243622685
                                                                                                                                                                                                                                                        • Instruction ID: 504e36a4e6f19d2454f2b51fa5d6d334f9de23ae6198e6c87649ea4d712b9979
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6033ec318cdf6af549f8bf24f9750b080f66e7010b115b7e21bf31243622685
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2E017921F1AA0382FB548B11F9682356362EF89F55F9C7030C91E1B756DF3ED4588304
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Authority$Arg_CountErr_FromLongLong_ParseStringTuple
                                                                                                                                                                                                                                                        • String ID: The index is out of range$i:GetSubAuthority
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Eval_Thread$O_free_allRestoreSave
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: From$StringUnicode_$DeallocLongLong_R_get_bitsR_get_nameR_get_versionTuple_
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorSecurityfree$DaclGroupOwnerSacl
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: J_obj2txt$FromMallocMem_SizeStringUnicode_
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Unicode_
                                                                                                                                                                                                                                                        • String ID: Internal$InternalHigh$hEvent
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CallDeallocErr_FormatMethodObject_SubtypeType_
                                                                                                                                                                                                                                                        • String ID: astimezone$must be a pywintypes time object (got %s)
                                                                                                                                                                                                                                                        • API String ID: 244768906-1654730096
                                                                                                                                                                                                                                                        • Opcode ID: 4ebedb747ce80201b9841f6db2a3ad0b1a2b2efc78f376f388bf9c6af551531f
                                                                                                                                                                                                                                                        • Instruction ID: 63d0f3e64ddf45798d050ea2a18c68b8bac5aaa243cfbfff0b7a0112dcbf16a5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ebedb747ce80201b9841f6db2a3ad0b1a2b2efc78f376f388bf9c6af551531f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2631E566B093C186DB4A8B2AD1711783BA2FF487C1B189037DB6E93752EF2DE154C714
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorDacl$GetSecurityDescriptorDacl$SetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                                        • API String ID: 1292091245-161903415
                                                                                                                                                                                                                                                        • Opcode ID: a70b8841fd3bb74fb48fc43b83994f4796f0aa5c67d2f1f93a678df09f3010b5
                                                                                                                                                                                                                                                        • Instruction ID: 0b4611cde2df65a1e61487c140b4870d22e7c2d42b084cf3767a9e2c60af644a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a70b8841fd3bb74fb48fc43b83994f4796f0aa5c67d2f1f93a678df09f3010b5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB11A8A6F0A60282FF0A8F1DF8202756393AF84B54F484431D91E53366EE3EE595C708
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorSacl$GetSecurityDescriptorSacl$GetSecurityDescriptorSacl - invalid sd
                                                                                                                                                                                                                                                        • API String ID: 1292091245-3167575759
                                                                                                                                                                                                                                                        • Opcode ID: 51e9e47e3c590d4bcffd20fb1b34e3be24bc56202da4389d4add24541a4b39de
                                                                                                                                                                                                                                                        • Instruction ID: 35a504be5f70350c0eb91823df512473284f742ee1212dfd6f22d634569e76fe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 51e9e47e3c590d4bcffd20fb1b34e3be24bc56202da4389d4add24541a4b39de
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D611A5A5F1A64282FF0A8B1DF8202B563A3AF84794F484431D91E533A6DF3EE595C708
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DescriptorParseSecurityTupleValid
                                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorGroup$GetSecurityDescriptorGroup$GetSecurityDescriptorGroup - invalid sd
                                                                                                                                                                                                                                                        • API String ID: 1292091245-1740808346
                                                                                                                                                                                                                                                        • Opcode ID: de9d71227a1b018458c6f32488d96044086d18eae158601c7319b79526419fff
                                                                                                                                                                                                                                                        • Instruction ID: c9c5b8f7bb7bb8b09130fa89e5a719cff8b4ebf2d98e510e4afb48b4716962ef
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de9d71227a1b018458c6f32488d96044086d18eae158601c7319b79526419fff
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C71184A1F0A60282FF0E8B1EE8712752293AF84784F485031CA1E53357EE2EE5948708
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLastValidmalloc
                                                                                                                                                                                                                                                        • String ID: PySID:$PySID: Invalid SID
                                                                                                                                                                                                                                                        • API String ID: 814871005-2976353951
                                                                                                                                                                                                                                                        • Opcode ID: bca7d20094dae963d8d92a0c666da5fa3ed3a1cb4ec8201cbe5f052b776f9036
                                                                                                                                                                                                                                                        • Instruction ID: c89d8ebd247ed3eaa3cf26174a639e2cbc469a3332e7fe7c782b62b469cb356d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bca7d20094dae963d8d92a0c666da5fa3ed3a1cb4ec8201cbe5f052b776f9036
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C21D161B1A78582EB4A8F19E4611B97363FB44BE0F44A131DE2E13792DF3CE194C708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FFDA354431E
                                                                                                                                                                                                                                                        • GetAuditedPermissionsFromAclW.ADVAPI32 ref: 00007FFDA354434E
                                                                                                                                                                                                                                                        • Py_BuildValue.PYTHON313 ref: 00007FFDA3544378
                                                                                                                                                                                                                                                        • PyMem_Free.PYTHON313 ref: 00007FFDA3544392
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BuildFreeValue$Arg_AuditedDecodeErr_ErrorFormatFromLastLocalMem_MessageObjectParsePermissionsTupleUnicode_
                                                                                                                                                                                                                                                        • String ID: GetAuditedPermissionsFromAcl$O:GetAuditedPermissionsFromAcl
                                                                                                                                                                                                                                                        • API String ID: 779572743-1982696749
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: X509_$Arg_M_clear_flagsM_get_flagsM_set_flagsParseX_get0_param
• String ID: }
• API String ID: 1566575135-2784586233
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Err_$BufferBuffer_FormatObject_ReleaseString
• String ID: Buffer cannot be None$Buffer length can be at most %d characters
• API String ID: 3539591379-686265896
APIs
• PyArg_ParseTuple.PYTHON313 ref: 00007FFDA354425A
• GetEffectiveRightsFromAclW.ADVAPI32 ref: 00007FFDA3544285
• Py_BuildValue.PYTHON313 ref: 00007FFDA35442AA
• PyMem_Free.PYTHON313 ref: 00007FFDA35442C4
  • Part of subcall function 00007FFDA354C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
  • Part of subcall function 00007FFDA354C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
  • Part of subcall function 00007FFDA354C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
  • Part of subcall function 00007FFDA354C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
  • Part of subcall function 00007FFDA354C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
  • Part of subcall function 00007FFDA354C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: BuildFreeValue$Arg_DecodeEffectiveErr_ErrorFormatFromLastLocalMem_MessageObjectParseRightsTupleUnicode_
• String ID: GetEffectiveRightsFromAcl$O:GetEffectiveRightsFromAcl
• API String ID: 2073598658-568366055
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Arg_ParseTuple
• String ID: Ace type %d is not supported yet$GetAce$l:GetAce
• API String ID: 3371842430-2172617993
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                                        • String ID: AddAccesDeniedAce$lO:AddAccessDeniedAce$llO:AddAccessDeniedAce
                                                                                                                                                                                                                                                        • API String ID: 2492218514-45297876
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple$ClearErr_
                                                                                                                                                                                                                                                        • String ID: AddAccesAllowedAce$lO:AddAccessAllowedAce$llO:AddAccessAllowedAce
                                                                                                                                                                                                                                                        • API String ID: 2492218514-648165593
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ControlDescriptorErr_ParseSecurityStringTuple
                                                                                                                                                                                                                                                        • String ID: SetSecurityDescriptorControl$SetSecurityDescriptorControl does not exist on this platform$ll:SetSecurityDescriptorControl
                                                                                                                                                                                                                                                        • API String ID: 1690190277-853495732
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BuildCopyLengthReferenceValuemalloc
                                                                                                                                                                                                                                                        • String ID: (ll)lN
                                                                                                                                                                                                                                                        • API String ID: 1144616375-415220060
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: X509_$T_get0_T_set1_X509$T_freeT_get_typeT_new
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4176268728-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$BuildClearDeallocStringValue
                                                                                                                                                                                                                                                        • String ID: (i)$invalid timestamp
                                                                                                                                                                                                                                                        • API String ID: 3614533335-2037815563
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d, xrefs: 00007FFDA3544A66
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: memcpy$Err_FormatReferencemalloc
                                                                                                                                                                                                                                                        • String ID: PyDEVMODE::PyDEVMODE - Unable to allocate DEVMODE of size %d
                                                                                                                                                                                                                                                        • API String ID: 3577276951-318570358
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AuthorityBuildErr_IdentifierStringValidValue
                                                                                                                                                                                                                                                        • String ID: (BBBBBB)$GetSidIdentifierAuthority: Invalid SID in object
                                                                                                                                                                                                                                                        • API String ID: 4045288465-3761804006
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_BuildErr_ParseStringTextTupleUnicodeValue
                                                                                                                                                                                                                                                        • String ID: s#i$string size beyond INT_MAX
                                                                                                                                                                                                                                                        • API String ID: 2273782283-3494499060
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CallsMakePending$ClearErr___acrt_iob_func__stdio_common_vfprintffprintf
                                                                                                                                                                                                                                                        • String ID: Unhandled exception detected before entering Python.
                                                                                                                                                                                                                                                        • API String ID: 322838838-920423093
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: List_$AppendDealloc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1573934073-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: List_$AppendBytes_DeallocFromSizeString
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3583985797-0
                                                                                                                                                                                                                                                        • Opcode ID: fa9e8c22ace8bfa2a7f8576b109cd451eb3fbd3c9cda2f4208ba26d535e53f9c
                                                                                                                                                                                                                                                        • Instruction ID: 8d602ccf3f2c1c0bfcff0f07817e5db54a8ddfda4778307fed2b50d680553d87
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fa9e8c22ace8bfa2a7f8576b109cd451eb3fbd3c9cda2f4208ba26d535e53f9c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B315431F0B64146EE5E4F29B5742786693AF05BA4F085234DAAE177C6DF2EF4418308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _Py_NewReference.PYTHON313(?,?,?,00007FFDA3546F26), ref: 00007FFDA354700D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354E768: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FFDA354E782
                                                                                                                                                                                                                                                        • _Py_NewReference.PYTHON313(?,?,?,00007FFDA3546F26), ref: 00007FFDA354703A
                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA3546F26), ref: 00007FFDA3547045
                                                                                                                                                                                                                                                        • InitializeSecurityDescriptor.ADVAPI32(?,?,?,00007FFDA3546F26), ref: 00007FFDA354705E
                                                                                                                                                                                                                                                        • free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA3546F26), ref: 00007FFDA3547076
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,?,00007FFDA3546F26), ref: 00007FFDA354709A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3547D20: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA3541931), ref: 00007FFDA3547D3B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3547D20: GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFDA3541931), ref: 00007FFDA3547D44
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorReferenceSecurityfreemalloc$DeallocInitializeLength
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2040291429-0
                                                                                                                                                                                                                                                        • Opcode ID: 5a263e4a360b5c9879a8c6137d038cbb60ca2fb05632f21eee30b9500df43a29
                                                                                                                                                                                                                                                        • Instruction ID: 1acd5d4a560846bc13a9c05859691063b22a1b1c176d5a2093ebfa9b92df8792
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a263e4a360b5c9879a8c6137d038cbb60ca2fb05632f21eee30b9500df43a29
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BE215331F0BB4282EB0A8F19E86432977A6FB48B80F444034CA5E17B56DF3EE564C744
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocValue$DeleteFreeLocalState_Thread
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1066789969-0
                                                                                                                                                                                                                                                        • Opcode ID: d72e0d609fdda2483786e1d5aaac3537aadc1cecc1d2818175353a1866a79386
                                                                                                                                                                                                                                                        • Instruction ID: df5731fa17354c41344a8d382af9c0b78e5a6a79ddc8ad08e5a29ad3aa9b8791
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d72e0d609fdda2483786e1d5aaac3537aadc1cecc1d2818175353a1866a79386
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14119635F0B74281FB5A8F6EA87503822E3AF49755F084134C90E62353DF3EB5558B09
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DescriptorInitializeParseSecurityTuple
                                                                                                                                                                                                                                                        • String ID: :Initialize$InitializeSecurityDescriptor
                                                                                                                                                                                                                                                        • API String ID: 3008588735-475701968
                                                                                                                                                                                                                                                        • Opcode ID: bcb71fab1ef2345fa760387ba95d939ceb0289144ad845e36b1c36082859699f
                                                                                                                                                                                                                                                        • Instruction ID: e732b524581cecce641c0220c102e0454868fc8579aba0b6c966919a004ab03c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bcb71fab1ef2345fa760387ba95d939ceb0289144ad845e36b1c36082859699f
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8219922B1D74182EB4A8F2AF55017A63A3FF48BC0F485031DE5E57B5ADF2DE8518704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CharDeallocFromObject_PrintUnicode_Widewsprintf
                                                                                                                                                                                                                                                        • String ID: <%hs at %Id (%Id)>
                                                                                                                                                                                                                                                        • API String ID: 2754229576-3200932714
                                                                                                                                                                                                                                                        • Opcode ID: d6e00180c53ce781e79f886e838ef22ec9f51abfd2b976ddd751f53c605734fa
                                                                                                                                                                                                                                                        • Instruction ID: 60d5abafb81b1847415d08b690ec3aee50131b3f76d1ba87c44a061bc9f8ed31
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d6e00180c53ce781e79f886e838ef22ec9f51abfd2b976ddd751f53c605734fa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA11E432F06B4581EF568B29E8243A867A2EB48FE4F444130D91E137A5DF3DE144C304
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                        • String ID: The object is not a PyHANDLE object$|O:HANDLERegistry
                                                                                                                                                                                                                                                        • API String ID: 709158290-3143913545
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Arg_ParseReferenceTuple
• String ID: The object is not a PyHANDLE object$|O:HANDLE
• API String ID: 709158290-2911939918
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Time$Arg_DateFileParseTuple
• String ID: DosDateTimeToFileTime$FileTimeToSystemTime
• API String ID: 1545533762-3006328108
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Err_Formatmemcpyrealloc
• String ID: SetACL: Unable to reallocate ACL to size %d
• API String ID: 2667793433-1849531889
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
Similarity
• API ID: Err_String
• String ID: Object must be a PyDEVMODEW$PyDEVMODE cannot be None in this context
• API String ID: 1450464846-2899910425
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
Similarity
• API ID: DeallocErr_L_set_L_set_msg_callbackStringSubtypeType_
• String ID: The value must be a SSLContext
• API String ID: 40619448-677980480
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Authority$Arg_CountErr_ParseStringTuple
                                                                                                                                                                                                                                                        • String ID: The index is out of range
                                                                                                                                                                                                                                                        • API String ID: 706982848-505141048
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyLong_AsVoidPtr.PYTHON313 ref: 00007FFDA354D0F5
                                                                                                                                                                                                                                                        • PyErr_Occurred.PYTHON313 ref: 00007FFDA354D103
                                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON313 ref: 00007FFDA354D10E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEC5
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CED3
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEE1
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEF0
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEFB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF04
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF13
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF2C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Format.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF4B
                                                                                                                                                                                                                                                        • PyErr_Format.PYTHON313 ref: 00007FFDA354D13C
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Long$Occurred$Long_$ClearFormat$DeallocNumber_UnsignedVoid
                                                                                                                                                                                                                                                        • String ID: WPARAM is simple, so must be an int object (got %s)
                                                                                                                                                                                                                                                        • API String ID: 4021378859-3057595559
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocErr_FormatFromModuleO_newO_s_memStateStringType_Unicode_X509_get_subject_name
                                                                                                                                                                                                                                                        • String ID: <%s '%U'>
                                                                                                                                                                                                                                                        • API String ID: 652521511-3496504151
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Long$FromLong_$BuildValue
                                                                                                                                                                                                                                                        • String ID: NiNNi(ii)
                                                                                                                                                                                                                                                        • API String ID: 3269351011-1588869203
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorSecurity$ControlLengthfreemallocmemcpy
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3383347431-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _Py_NewReference.PYTHON313(?,?,?,00007FFDA354715D,?,?,?,00007FFDA3546F53), ref: 00007FFDA3548BFD
                                                                                                                                                                                                                                                        • GetSecurityDescriptorLength.ADVAPI32(?,?,?,00007FFDA354715D,?,?,?,00007FFDA3546F53), ref: 00007FFDA3548C0E
                                                                                                                                                                                                                                                        • GetSecurityDescriptorControl.ADVAPI32(?,?,?,00007FFDA354715D,?,?,?,00007FFDA3546F53), ref: 00007FFDA3548C3F
                                                                                                                                                                                                                                                        • malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FFDA354715D,?,?,?,00007FFDA3546F53), ref: 00007FFDA3548C58
                                                                                                                                                                                                                                                        • memcpy.VCRUNTIME140(?,?,?,00007FFDA354715D,?,?,?,00007FFDA3546F53), ref: 00007FFDA3548C6B
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorSecurity$ControlLengthReferencemallocmemcpy
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3412238872-0
                                                                                                                                                                                                                                                        • Opcode ID: c15fc75f51fb05eaa94f12650e5f0670c83e32bb2e77d43decb978ab075af439
                                                                                                                                                                                                                                                        • Instruction ID: bc135625a2c3a4b7c04e34ef256d8b20192222aae648b74780d78d775700b5ac
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c15fc75f51fb05eaa94f12650e5f0670c83e32bb2e77d43decb978ab075af439
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5911D322B05B4182FB059B5EE9103A96266FB84BD5F080031CF5D07B91DF3EE5E5C314
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_Err_ParseStringTuple
                                                                                                                                                                                                                                                        • String ID: iiiiiiiii|i$year out of range
                                                                                                                                                                                                                                                        • API String ID: 385655187-1001734015
                                                                                                                                                                                                                                                        • Opcode ID: a393630f01c1ab398363936785eebc4b854c9c0a34006ea8152fcf8c0a72c652
                                                                                                                                                                                                                                                        • Instruction ID: 9b1bd0618c7111ac4154202383266a6489a4299dfc87566f265a5d173dd1dac0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a393630f01c1ab398363936785eebc4b854c9c0a34006ea8152fcf8c0a72c652
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A531FFB2B09B0186E708CF18D4545AC33BAF748B80B55823ACBAD53701DF3AE9E5C744
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Timefloor$SystemVariant
                                                                                                                                                                                                                                                        • String ID: VariantTimeToSystemTime
                                                                                                                                                                                                                                                        • API String ID: 1266533630-2676162551
                                                                                                                                                                                                                                                        • Opcode ID: a465e119b1e8654e6b17b5d4bd19b62b8ede92bf3e9ff217748a048bfc1d5ad1
                                                                                                                                                                                                                                                        • Instruction ID: 9f1136182554c97e166fd00c6c51920208f976b05da7dd68089920173582b300
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a465e119b1e8654e6b17b5d4bd19b62b8ede92bf3e9ff217748a048bfc1d5ad1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 56316651E29FD544E28397399861075E35B6FA6789B049333F89E72727EF2AF0C24604
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                        • String ID: OiOOi(ii):MSG param$The object is not a PyHANDLE object
                                                                                                                                                                                                                                                        • API String ID: 3371842430-2297966167
                                                                                                                                                                                                                                                        • Opcode ID: 1aef02047203e126fbad942446429c40e2ebc0da5cb29cf657f2d8b5da010051
                                                                                                                                                                                                                                                        • Instruction ID: 43beafebb6b28b78217567ea70c73095aa4a9e50e0d20ff22012bc05d95df3df
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1aef02047203e126fbad942446429c40e2ebc0da5cb29cf657f2d8b5da010051
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A7218072B0AB0681EF02CF19D4500A973E7FB84B84F444032CA0D57366EF3AE965CB44
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_InitializeParseTuple
                                                                                                                                                                                                                                                        • String ID: (bbbbbb)b:Initialize$InitializeSid
                                                                                                                                                                                                                                                        • API String ID: 1991639834-750340051
                                                                                                                                                                                                                                                        • Opcode ID: 8f93dc5897869b6e6d762fe8350b58cad0134a8ca8a8ee9a4feec80ce2d05c27
                                                                                                                                                                                                                                                        • Instruction ID: 0db3852659f00c227d801c82db42b917714c8130bfe9cecc58f4805213788b78
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f93dc5897869b6e6d762fe8350b58cad0134a8ca8a8ee9a4feec80ce2d05c27
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4121A132B1AB8281EF06CF16E4650BD33A2FB88784B450036DA2E47752DF3EE959C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DeleteParseTuple
                                                                                                                                                                                                                                                        • String ID: DeleteAce$l:DeleteAce
                                                                                                                                                                                                                                                        • API String ID: 1230908747-3702189175
                                                                                                                                                                                                                                                        • Opcode ID: e9fd5093a37588dd38093529aa320f1bd4afb36f3cc09021ea466ad982abeb09
                                                                                                                                                                                                                                                        • Instruction ID: c85a5491b28fe02842b44416f7484fd7ff647ba7beaa871d19b1bdee62e8a248
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e9fd5093a37588dd38093529aa320f1bd4afb36f3cc09021ea466ad982abeb09
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B113362B1E3C247DB074F69E4601B93F72EF89B44B488072D68E93353D92DE5A6C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • DEVMODE structure of size %d greater than supported size of %d, xrefs: 00007FFDA3544ED6
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_Format
                                                                                                                                                                                                                                                        • String ID: DEVMODE structure of size %d greater than supported size of %d
                                                                                                                                                                                                                                                        • API String ID: 376477240-1470040908
                                                                                                                                                                                                                                                        • Opcode ID: b8ecc243b236786a1011e640928dcb070ff00ad600dd3a87fa9598167f5ce84a
                                                                                                                                                                                                                                                        • Instruction ID: 6870ff2fb874b4da6f5e41b20de780402ffe48e4837abc375bb8095437af22c1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8ecc243b236786a1011e640928dcb070ff00ad600dd3a87fa9598167f5ce84a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7A118261F5770281EF1A8F6ED46533822E3EB48B94F444030DD0E57792DE3EE5918748
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DescriptorOwnerParseSecurityTuple
                                                                                                                                                                                                                                                        • String ID: :GetSecurityDescriptorOwner$GetSecurityDescriptorOwner
                                                                                                                                                                                                                                                        • API String ID: 2338322640-1512101531
                                                                                                                                                                                                                                                        • Opcode ID: 0535b539f90f532cb0c8c7548f6890f1e389f6ab6250c068e08cb84b90928d65
                                                                                                                                                                                                                                                        • Instruction ID: c7c063caed345cb5110894e8388db5adb9d737835694dd8096d07f12fa09926d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0535b539f90f532cb0c8c7548f6890f1e389f6ab6250c068e08cb84b90928d65
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A301C861F0AA0282EF0E8B5EF86027523A3FF84784F444031DA0D53756EE2EE595C708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyUnicode_InternFromString.PYTHON313(?,?,00000000,00007FFDA367A90A), ref: 00007FFDA367B29B
                                                                                                                                                                                                                                                        • PyUnicode_InternFromString.PYTHON313(?,?,00000000,00007FFDA367A90A), ref: 00007FFDA367B2C0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FromInternStringUnicode_
                                                                                                                                                                                                                                                        • String ID: pkcs_7_asn$x509_asn
                                                                                                                                                                                                                                                        • API String ID: 3337471625-3375957347
                                                                                                                                                                                                                                                        • Opcode ID: 558d5d3a9ef559b9bb73cef6fa9e1e05407cb85e81fbae4b2e71b342289d17a6
                                                                                                                                                                                                                                                        • Instruction ID: 2896cecedd4ded772a28da1d07b8e0f6b90c1c628111cc63a56acfac9396a8a4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 558d5d3a9ef559b9bb73cef6fa9e1e05407cb85e81fbae4b2e71b342289d17a6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E110031F1BA4787FA558F59E8701382392AF49750B9C2434C81D673A2EF2EF895C61C
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: CloseHandle$The object is not a PyHANDLE object
                                                                                                                                                                                                                                                        • API String ID: 0-4264222050
                                                                                                                                                                                                                                                        • Opcode ID: dc318d2b1349d4a50ab063cf74b006e41aa0c775c8383e0438a78d5d1f98fbfa
                                                                                                                                                                                                                                                        • Instruction ID: 245b94c606e020aa45069ae0ae16717313afa6997a22888d6d07cd57f625b45c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dc318d2b1349d4a50ab063cf74b006e41aa0c775c8383e0438a78d5d1f98fbfa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C118221F1FA02C2EE56CB1DD8A013963A3FF88758F840532D61E97792EF2EE5558308
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_CheckErr_Long_OccurredPositional
                                                                                                                                                                                                                                                        • String ID: read
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_CreateGuidParseReferenceTuple
                                                                                                                                                                                                                                                        • String ID: :CreateGuid
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_InitializeParseTuple
                                                                                                                                                                                                                                                        • String ID: :Initialize$InitializeAcl
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FromString$CharErr_Unicode_Wide
                                                                                                                                                                                                                                                        • String ID: The string is too long
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyEval_SaveThread.PYTHON313 ref: 00007FFDA354543A
                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32 ref: 00007FFDA3545447
                                                                                                                                                                                                                                                        • PyEval_RestoreThread.PYTHON313 ref: 00007FFDA3545452
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Eval_Thread$BuildCloseDecodeErr_ErrorFormatFreeHandleLastLocalMessageObjectRestoreSaveUnicode_Value
                                                                                                                                                                                                                                                        • String ID: CloseHandle
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __current_exception__current_exception_contextterminate
                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                        • API String ID: 2542180945-1018135373
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DecodeErr_O_ctrlStringUnicode_
                                                                                                                                                                                                                                                        • String ID: Not a memory BIO
                                                                                                                                                                                                                                                        • API String ID: 3520065620-587638661
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: From$CharStringUnicode_Widewsprintf
                                                                                                                                                                                                                                                        • String ID: IID('%ws')
                                                                                                                                                                                                                                                        • API String ID: 3341265217-2301737843
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFDA354D35E
                                                                                                                                                                                                                                                        • llll;RECT must be a tuple of 4 ints (left, top, right, bottom), xrefs: 00007FFDA354D38E
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_Err_ParseStringTuple
                                                                                                                                                                                                                                                        • String ID: RECT must be a tuple of 4 ints (left, top, right, bottom)$llll;RECT must be a tuple of 4 ints (left, top, right, bottom)
                                                                                                                                                                                                                                                        • API String ID: 385655187-1420951713
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: String$Bytes_Err_FromO_ctrlSize
                                                                                                                                                                                                                                                        • String ID: Not a memory BIO
                                                                                                                                                                                                                                                        • API String ID: 2349510700-587638661
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_FreeMem_Memoryfreemalloc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 182096997-0
                                                                                                                                                                                                                                                        • Opcode ID: 5a0dd487b60a1102b4735315523d65cbd22cac1ecefffe0ac02d4da6dfbaffd5
                                                                                                                                                                                                                                                        • Instruction ID: 49f83f5d04abc805f23aa29d845e18f449a5ef4bad9869892f770460651256ed
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5a0dd487b60a1102b4735315523d65cbd22cac1ecefffe0ac02d4da6dfbaffd5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE41EE73B06A5186DF169F58D0102B9B7A2FB94BE4F484231DE9C23795EF3AE4458344
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3353409452-0
                                                                                                                                                                                                                                                        • Opcode ID: 702a331324a4662ae84315dbd7bb521fc5055dc9d41250d5f85af3e01e8bffa1
                                                                                                                                                                                                                                                        • Instruction ID: ddc89157d8b39575b367c5b8835e2cbcdb729494ab62234a1c18cda764ca841f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 702a331324a4662ae84315dbd7bb521fc5055dc9d41250d5f85af3e01e8bffa1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31113C22B19B4497D720CF6AF49005AB771FB98B80B455039DB9E83B25EF7DE051C748
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CopyLengthReferencemalloc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3624451276-0
                                                                                                                                                                                                                                                        • Opcode ID: eb9076c558b8a3fd92a970d114becebbb9b8943ef10aafd25703f05eb12ffbd7
                                                                                                                                                                                                                                                        • Instruction ID: 0d73cdbef2290472638a5026b7d80ec856763fe4c3689efab6c5f1f6729fd9b1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb9076c558b8a3fd92a970d114becebbb9b8943ef10aafd25703f05eb12ffbd7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40018031F0AB4182EF499B5AF96416963A6FF49BD0F044034DA4E13B66DF3EE5518708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3411868379.00007FFD94271000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FFD94270000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffd94270000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                        • Opcode ID: fe63b84064a5ce4d74b8ca480f490018c065660e782260b98ef3b250c9bc7566
                                                                                                                                                                                                                                                        • Instruction ID: c4ee2883eb677cf44d24125b514b9221392e6536c844c2a176e675c441bc95c0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fe63b84064a5ce4d74b8ca480f490018c065660e782260b98ef3b250c9bc7566
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6F111C26B14B058AEB50DFA0E8A42B833A4F71A758F845E31EA6D867A5DF7CD154C380
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: memset$Referencemalloc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3353409452-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Referencemallocmemcpymemset
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1282408338-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: InitializeReferencemallocmemset
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 306314696-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DescriptorSecurityfree$InitializeLengthReferencemalloc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2992339461-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CopyLengthReferencemalloc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3624451276-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: X509_$E_get0_objectsE_lockE_unlockL_sk_deep_copy
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1564091015-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value$DeleteFreeLocalState_Thread
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3706641815-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3549AB0: PyImport_ImportModule.PYTHON313 ref: 00007FFDA3549AD1
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3549AB0: PyObject_GetAttrString.PYTHON313 ref: 00007FFDA3549AED
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3549AB0: _Py_Dealloc.PYTHON313 ref: 00007FFDA3549B04
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3549AB0: PyTuple_New.PYTHON313 ref: 00007FFDA3549B11
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3549AB0: PyObject_CallMethod.PYTHON313 ref: 00007FFDA3549B30
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3549AB0: _Py_Dealloc.PYTHON313 ref: 00007FFDA3549B4B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3549AB0: _Py_Dealloc.PYTHON313 ref: 00007FFDA3549B66
                                                                                                                                                                                                                                                        • PyObject_GetAttrString.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFDA3549C6D), ref: 00007FFDA354A444
                                                                                                                                                                                                                                                        • _Py_Dealloc.PYTHON313(?,?,?,?,?,?,?,?,?,00007FFDA3549C6D), ref: 00007FFDA354A4A8
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Dealloc$Object_$AttrString$CallImportImport_MethodModuleTuple_
                                                                                                                                                                                                                                                        • String ID: max
                                                                                                                                                                                                                                                        • API String ID: 66079785-2641765001
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_FreeMem_Parse
                                                                                                                                                                                                                                                        • String ID: ascii
                                                                                                                                                                                                                                                        • API String ID: 1432672584-3510295289
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • PyArg_ParseTuple.PYTHON313 ref: 00007FFDA3549C02
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3546460: PyLong_AsLongLong.PYTHON313 ref: 00007FFDA3546485
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA3546460: PyErr_Occurred.PYTHON313 ref: 00007FFDA3546494
                                                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32 ref: 00007FFDA3549C39
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C41B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: FormatMessageW.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C48A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyUnicode_DecodeMBCS.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C568
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: Py_BuildValue.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C57D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: LocalFree.KERNEL32(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C595
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354C400: PyErr_SetObject.PYTHON313(?,?,?,?,?,00000000,00000000,00007FFDA3547A4D,?,?,00000000,00007FFDA3547DC2,?,?,?,00007FFDA3541931), ref: 00007FFDA354C5AA
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_LongTime$Arg_BuildDecodeErrorFileFormatFreeLastLocalLong_MessageObjectOccurredParseSystemTupleUnicode_Value
                                                                                                                                                                                                                                                        • String ID: FileTimeToSystemTime
                                                                                                                                                                                                                                                        • API String ID: 1618908028-1754531670
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                        • String ID: AddAccessDeniedObjectAce$lllOOO:AddAccessDeniedObjectAce
                                                                                                                                                                                                                                                        • API String ID: 3371842430-3179976129
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                        • String ID: AddAccessAllowedObjectAce$lllOOO:AddAccessAllowedObjectAce
                                                                                                                                                                                                                                                        • API String ID: 3371842430-684429688
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_CheckObject_PositionalTrue
                                                                                                                                                                                                                                                        • String ID: getpeercert
                                                                                                                                                                                                                                                        • API String ID: 341638686-200429401
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                        • String ID: AddMandatoryAce$kkkO:AddMandatoryAce
                                                                                                                                                                                                                                                        • API String ID: 3371842430-3675006617
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                        • String ID: AddAccessAllowedAceEx$lllO:AddAccessAllowedAceEx
                                                                                                                                                                                                                                                        • API String ID: 3371842430-1263352432
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                        • String ID: AddAccessDeniedAceEx$lllO:AddAccessDeniedAceEx
                                                                                                                                                                                                                                                        • API String ID: 3371842430-4150984663
                                                                                                                                                                                                                                                        • Opcode ID: de81793985394db8eda63548ea9406e6c785a4610c77cab919a9f42de7ceaeda
                                                                                                                                                                                                                                                        • Instruction ID: dd996924bb2963b5f41fa12e77ac8c3d8fd64871c995f8429fd0eefdcd4a27b9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: de81793985394db8eda63548ea9406e6c785a4610c77cab919a9f42de7ceaeda
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95017176B09741D2DB11CB68F0500AA77A1FB88780F540222EB8C93B25DF3DD154CF04
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                        • String ID: :OVERLAPPED
                                                                                                                                                                                                                                                        • API String ID: 709158290-1552635527
                                                                                                                                                                                                                                                        • Opcode ID: 99eac4c21a0de1c82c8a4d1f398764541f69fd89d1bf1e656bce4408f3be1879
                                                                                                                                                                                                                                                        • Instruction ID: 5fad088cc750bcf7582c6cf2e935523075dd619960da0348bae1491669f2df6d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99eac4c21a0de1c82c8a4d1f398764541f69fd89d1bf1e656bce4408f3be1879
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CE01B132E15B8182D7048F25E99016D73EAFB99B84F545235DA8D53715EF3CE1E0C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: DeallocSequence_Tuple
                                                                                                                                                                                                                                                        • String ID: Sequence can contain at most %d items
                                                                                                                                                                                                                                                        • API String ID: 1991852567-3507602910
                                                                                                                                                                                                                                                        • Opcode ID: ba9606983f3295d13d172f3df34be46ad0d38ebee954a0bfa1b3dec53b8fac5d
                                                                                                                                                                                                                                                        • Instruction ID: d387b35001ad01dcaf014342912a2b5f55054846e9f7491cec2e653e1a74ca80
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba9606983f3295d13d172f3df34be46ad0d38ebee954a0bfa1b3dec53b8fac5d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69F06D62F1BB4282EF1A8B19E46057423A2EB88B94F081031CD1E13796DE3EE5808B08
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354AD90: PyErr_SetString.PYTHON313 ref: 00007FFDA354ADCF
                                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON313 ref: 00007FFDA354CFBC
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEC5
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CED3
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEE1
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEF0
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEFB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF04
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF13
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF2C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Format.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF4B
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FFDA354CFF2
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • Resource id/name must be string or int in the range 0-65536, xrefs: 00007FFDA354CFE1
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Long$Occurred$ClearLong_String$DeallocFormatNumber_Unsigned
                                                                                                                                                                                                                                                        • String ID: Resource id/name must be string or int in the range 0-65536
                                                                                                                                                                                                                                                        • API String ID: 286819204-907244015
                                                                                                                                                                                                                                                        • Opcode ID: 31b1ca96400902001310dfbad8b15d17db623f0623437432e6c4c09ff0a382c6
                                                                                                                                                                                                                                                        • Instruction ID: 6622b1c5fe9d34d348c351c582141c704965e61e93793d22005b26a4835035ab
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 31b1ca96400902001310dfbad8b15d17db623f0623437432e6c4c09ff0a382c6
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5CF04F21F1974291EB569B6AF9683791293EB88BC4F444031DA0E97756EE3EE4818708
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354B1A0: PyUnicode_AsWideCharString.PYTHON313 ref: 00007FFDA354B1DA
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354B1A0: PyErr_SetString.PYTHON313 ref: 00007FFDA354B1F9
                                                                                                                                                                                                                                                        • PyErr_Clear.PYTHON313 ref: 00007FFDA354D05C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyNumber_Long.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEC5
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CED3
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEE1
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEF0
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Clear.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CEFB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyLong_AsUnsignedLongLong.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF04
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Occurred.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF13
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: _Py_Dealloc.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF2C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FFDA354CEB0: PyErr_Format.PYTHON313(?,?,?,00007FFDA35450DE), ref: 00007FFDA354CF4B
                                                                                                                                                                                                                                                        • PyErr_SetString.PYTHON313 ref: 00007FFDA354D092
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        • Resource id/name must be unicode or int in the range 0-65536, xrefs: 00007FFDA354D081
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_$Long$OccurredString$ClearLong_$CharDeallocFormatNumber_Unicode_UnsignedWide
                                                                                                                                                                                                                                                        • String ID: Resource id/name must be unicode or int in the range 0-65536
                                                                                                                                                                                                                                                        • API String ID: 293670993-4091729669
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Capsule_ImportReadyType_
                                                                                                                                                                                                                                                        • String ID: datetime.datetime_CAPI
                                                                                                                                                                                                                                                        • API String ID: 2581296196-711417590
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Long$Arg_FromLong_ParseTuple
                                                                                                                                                                                                                                                        • String ID: :Detach
                                                                                                                                                                                                                                                        • API String ID: 1152936543-4103459575
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
• Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseReferenceTuple
                                                                                                                                                                                                                                                        • String ID: :WAVEFORMATEX
                                                                                                                                                                                                                                                        • API String ID: 709158290-1364142124
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_StringX_get_verify_mode
                                                                                                                                                                                                                                                        • String ID: invalid return value from SSL_CTX_get_verify_mode
                                                                                                                                                                                                                                                        • API String ID: 3939857436-2501269723
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
• Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
• Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_StringX_set_verify
                                                                                                                                                                                                                                                        • String ID: invalid value for verify_mode
                                                                                                                                                                                                                                                        • API String ID: 4223523404-2668209411
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AttrObject_StringSubtypeType_
                                                                                                                                                                                                                                                        • String ID: timetuple
                                                                                                                                                                                                                                                        • API String ID: 1421930220-3328721318
                                                                                                                                                                                                                                                        • Opcode ID: 3f8d4b43d52be91b307c0cdd37ca4129189ec392190273ab2ef4856b4f036eae
                                                                                                                                                                                                                                                        • Instruction ID: dc4544a502284e9a467d065ab33118d848fdec2c1743790fcbaaa763f53ad52b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f8d4b43d52be91b307c0cdd37ca4129189ec392190273ab2ef4856b4f036eae
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BCE0ED91F4660282FF1A8B5FE8A653513939F58B91F489030CD1D56752EF1FE9D18308
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTuple
                                                                                                                                                                                                                                                        • String ID: @$|ii:ACL
                                                                                                                                                                                                                                                        • API String ID: 3371842430-2672190651
                                                                                                                                                                                                                                                        • Opcode ID: a334b7dfaa821d41b7e8f3be6c7a66ccbd714a8d02a99bdf497d0802bf0223a7
                                                                                                                                                                                                                                                        • Instruction ID: 597c4e7dbee73c9353f7ea806f0663bca84074f99455e2999874cb68ad80ff1f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a334b7dfaa821d41b7e8f3be6c7a66ccbd714a8d02a99bdf497d0802bf0223a7
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4CF0A775F096C182E604DB95F411259A7A2FBC47A4FC04034EA4D53756DFBCD109CF04
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3413314326.00007FFDA3671000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFDA3670000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413296727.00007FFDA3670000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413333595.00007FFDA367E000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413356696.00007FFDA3691000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413376557.00007FFDA3692000.00000008.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413396390.00007FFDA3698000.00000004.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3413414339.00007FFDA369A000.00000002.00000001.01000000.0000000D.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3670000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Err_Object_StringTrue
                                                                                                                                                                                                                                                        • String ID: cannot delete attribute
                                                                                                                                                                                                                                                        • API String ID: 1323943456-1747274469
                                                                                                                                                                                                                                                        • Opcode ID: 8c84c338d224894d3ed47382b29769635c97ffba318e277e14ad243b3d061bae
                                                                                                                                                                                                                                                        • Instruction ID: be0388e6f8c85ba81becc95cfc908470ef1e5466b3644a770a70d93308f38ffb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c84c338d224894d3ed47382b29769635c97ffba318e277e14ad243b3d061bae
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57E01265B0650281FA24CB7598A40342363AF54B69B9C6B31C92EAA3D6EF6E94898704
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_ParseTupleValid
                                                                                                                                                                                                                                                        • String ID: :IsValid
                                                                                                                                                                                                                                                        • API String ID: 2541654197-2800628479
                                                                                                                                                                                                                                                        • Opcode ID: c205e6c6629add5205025c12b4e55ecd6f97f98ddf72bd804bbb35d485ae357b
                                                                                                                                                                                                                                                        • Instruction ID: 11dc802bb6ef1701805009c2b21d490f0a6437584f84c87ddb99e8117bbf1ee1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c205e6c6629add5205025c12b4e55ecd6f97f98ddf72bd804bbb35d485ae357b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1E08C11F1AA0682EF0A8BBAEC6007512E2AF48B80B041030CD0F96362FE2DF6D18708
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_LengthParseTuple
                                                                                                                                                                                                                                                        • String ID: :GetLength
                                                                                                                                                                                                                                                        • API String ID: 1894485733-295138441
                                                                                                                                                                                                                                                        • Opcode ID: 3c69dd88cdf965b284251de54f93c677440366d6c9c987ed12ccb91b8556208d
                                                                                                                                                                                                                                                        • Instruction ID: 1e8e1d172b905fae800b5ee957fe460b5e8c2f4f07c3f3e04147d05dc0e9bc20
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c69dd88cdf965b284251de54f93c677440366d6c9c987ed12ccb91b8556208d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0E0CD51F1B60282EF1A4B76EC610751292EF48B80B041430CD1F96361EE2DF5D1C708
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000002.00000002.3412924469.00007FFDA3541000.00000020.00000001.01000000.00000017.sdmp, Offset: 00007FFDA3540000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412906003.00007FFDA3540000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412947554.00007FFDA3551000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412972078.00007FFDA355F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000002.00000002.3412988997.00007FFDA3562000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_2_2_7ffda3540000_user.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Arg_DescriptorLengthParseSecurityTuple
                                                                                                                                                                                                                                                        • String ID: :GetLength
                                                                                                                                                                                                                                                        • API String ID: 840013968-295138441
Similarity
• API ID: Arg_DescriptorParseSecurityTupleValid
• String ID: :IsValid
• API String ID: 1292091245-2800628479
Similarity
• API ID: Arg_AuthorityCountParseTuple
• String ID: :GetSubAuthorityCount
• API String ID: 4231099721-2020981275
Similarity
• API ID: Arg_ParseTupleValid
• String ID: :IsValid
• API String ID: 2541654197-2800628479
Similarity
• API ID: Err_String
• String ID: POINT must be a tuple of 2 ints (x,y)$ll;POINT must be a tuple of 2 ints (x,y)
• API String ID: 1450464846-334919720